Ultrasound

**Name of the Vulnerable Software and Affected Versions** PunBB Affiliation module versions 1.1.0 and earlier **Description** The issue concerns SQL injection vulnerabilities in the affiliates.php file of the Affiliation module for PunBB. Remote attackers can execute arbitrary SQL commands by manipulating the `in` or `out` parameters. **Recommendations** For PunBB Affiliation module versions 1.1.0 and earlier, consider restricting access to the affiliates.php file until a patch is available. As a temporary workaround, avoid using the `in` and `out` parameters in the affected module to minimize the risk of exploitation.