CVE-2008-1408
phpBP 2 RC3 (2.204) FIX 4 contains a SQL injection in includes/functions/banners-external.php via the id parameter in a banner_out action. This allows remote attackers to execute arbitrary SQL commands. The affected component is the phpBP banner_out flow, and the root cause is unsafely concatenat...