Sql injection

SQL injection vulnerability in forum.php in Arab Portal 2.x, when magicquotesgpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666...