phpBB datenbank mod has XSS/SQL Injection in the id variable

vulnerable mod: datenbank explaination: you can pass SQL Injection / Cross Site Scripting Commands in the id variable inside the mod.php mod-datenbank exploit: http://target/phpBB/moddb/mod.php?id='SQL Injection http://target/phpBB/moddb/mod.php?id='scriptalertdocument.cookie /script this bugs...