Hazl0Oh

**Name of the Vulnerable Software and Affected Versions** XchangeBoard versions 1.70 Final and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `boardID` parameter in the "newThread.php" file. **Recommendations** For XchangeBoard versions 1.70 Final and earlier, avoid using the `boardID` parameter in the newThread.php file until a fix is available. Consider restricting access to newThread.php to minimize the risk of exploitation.