CVE-2010-1859 Information

Description

SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier when magic_quotes_gpc is disabled allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.

Reference

http://php-security.org/2010/05/06/mops-2010-011-deluxebb-newthread-sql-injection-vulnerability/index.html http://www.securityfocus.com/bid/39962