PT-2026-31559 · Unknown · Simple It Discussion Forum
Christychen11
·
Published
2026-04-09
·
Updated
2026-04-18
·
CVE-2026-5827
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Simple IT Discussion Forum version 1.0
Description
A SQL injection issue exists in Simple IT Discussion Forum version 1.0. The vulnerability is located in the
/question-function.php file, within an unknown function. Manipulation of the content parameter can lead to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed.Recommendations
Update to a newer version of Simple IT Discussion Forum that addresses this SQL injection issue. As a temporary workaround, restrict or carefully sanitize the
content parameter in the /question-function.php file.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Simple It Discussion Forum