CVE-2011-5137

Name of the Vulnerable Software and Affected Versions tForum version b0.915

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the TopicID parameter to "viewtopic.php", the BoardID parameter to "viewboard.php", or the CatID parameter to "viewcat.php".

Recommendations For tForum version b0.915, consider restricting access to the "viewtopic.php", "viewboard.php", and "viewcat.php" API endpoints until a patch is available. As a temporary workaround, avoid using the TopicID, BoardID, and CatID parameters in the affected API endpoints.