6Kbbs · 6Kbbs · CVE-2010-4812
**Name of the Vulnerable Software and Affected Versions**
6kbbs version 8.0 build 20100901
**Description**
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via (1) the `tids[]` parameter to `ajaxadmin.php` and (2) the `msgids[]` parameter to `ajaxmember.php`. Both are PHP array parameters, so each element of the submitted array reaches a query without adequate validation.
**Recommendations**
For version 8.0 build 20100901, restrict access to `ajaxadmin.php` and `ajaxmember.php` until a vendor patch is available: serve them only to authenticated, authorised users, or block them at the web server or WAF for all but trusted addresses. Simply not using the `tids[]` and `msgids[]` parameters in legitimate requests is not a mitigation, because an attacker supplies them directly. If you maintain the code, validate every element of these array parameters as an integer (or bind them through prepared-statement placeholders) before it reaches a query. Review web server logs for requests to these two scripts whose `tids[]` or `msgids[]` values contain anything other than digits.
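As an added example that is not the 6kbbs source (this advisory does not reproduce it), the following Python/sqlite3 program shows the bug class an array parameter such as `tids[]` or `msgids[]` typically falls into, and the fix the recommendation above describes: the vulnerable function joins the submitted elements straight into an `IN (...)` list, so a single crafted element rewrites the `WHERE` clause; the hardened function accepts only decimal integers and binds them through placeholders. A small helper flags non-numeric values of an array parameter in a raw query string, for reviewing access logs. The table, columns, sample rows and query strings are constructed for the demonstration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed sample rows standing in for a forum's topic table (not 6kbbs data).
SAMPLE_TOPICS = [(1, "Welcome", 0), (2, "Rules", 0), (3, "Off-topic", 0)]


def make_db():
    """Fresh in-memory database holding the constructed sample topics."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO topics VALUES (?, ?, ?)", SAMPLE_TOPICS)
    return conn


def hidden_ids(conn):
    """IDs of topics currently marked hidden, ascending."""
    return [row[0] for row in conn.execute("SELECT id FROM topics WHERE hidden = 1 ORDER BY id")]


def hide_topics_vulnerable(conn, tids):
    """Vulnerable pattern: array elements are joined straight into the IN list.

    Same shape as PHP code of the form
        "... WHERE id IN (" . implode(',', $_POST['tids']) . ")"
    (a hypothetical reconstruction of the bug class, not the 6kbbs source).
    """
    sql = "UPDATE topics SET hidden = 1 WHERE id IN (%s)" % ",".join(tids)
    conn.execute(sql)
    return hidden_ids(conn)


def hide_topics_hardened(conn, tids):
    """Hardened form: every element must be a decimal integer, and the values
    are bound through placeholders so they can never change the query text."""
    ids = []
    for t in tids:
        if not isinstance(t, str) or re.fullmatch(r"[0-9]+", t) is None:
            raise ValueError("rejected tids[] element: %r" % (t,))
        ids.append(int(t))
    if ids:
        placeholders = ",".join("?" * len(ids))
        conn.execute("UPDATE topics SET hidden = 1 WHERE id IN (%s)" % placeholders, ids)
    return hidden_ids(conn)


def suspicious_array_values(query_string, param="tids[]"):
    """Log-review helper: values of an array parameter in a raw query string
    that are not plain integers, i.e. candidate injection attempts."""
    values = parse_qs(query_string, keep_blank_values=True).get(param, [])
    return [v for v in values if re.fullmatch(r"[0-9]+", v) is None]


if __name__ == "__main__":
    normal = ["2"]
    payload = ["1) OR 1=1 --"]  # one element rewrites the WHERE clause
    print("vulnerable, normal input :", hide_topics_vulnerable(make_db(), normal))
    print("vulnerable, payload      :", hide_topics_vulnerable(make_db(), payload))
    print("hardened, normal input   :", hide_topics_hardened(make_db(), normal))
    try:
        hide_topics_hardened(make_db(), payload)
    except ValueError as e:
        print("hardened, payload        : rejected (%s)" % e)
    # Constructed query string of the kind that would appear in an access log
    print(suspicious_array_values("tids[]=1&tids[]=2)%20OR%201%3D1--&tids[]=3"))
```

With the payload, the vulnerable query becomes `UPDATE topics SET hidden = 1 WHERE id IN (1) OR 1=1 --)` and every row is affected; the hardened function rejects the same input before any SQL is built. The log helper takes the parameter name as an argument so the same check covers `msgids[]` on `ajaxmember.php`.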