Secunia Security Advisory - Abducter has discovered some vulnerabilities in Pearl Forums, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.

1) Input passed to the forumsId and topicId parameters in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the mode parameter in index.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that magic_quotes_gpc is disabled.

The vulnerabilities have been confirmed in version 2.4 and have also been reported in version 2.0. Other versions may also be affected.
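The two input-handling weaknesses above call for typed ID parameters with bound queries and a fixed allow-list for mode. The sketch below is an added example, not Pearl Forums code or a vendor patch; the table, columns, module file names and function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not Pearl Forums code: all table, file and function names are hypothetical.

// Return a positive integer ID, or null if the raw value is anything else.
function int_param(array $query, string $name): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {            // rejects missing values and array input
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Map mode to a fixed file name; request data never becomes part of a path.
function resolve_mode(array $query): string
{
    $modules = ['forums' => 'forums.php', 'topics' => 'topics.php']; // hypothetical allow-list
    $mode = $query['mode'] ?? 'forums';
    return (is_string($mode) && isset($modules[$mode])) ? $modules[$mode] : $modules['forums'];
}

// Fetch topic rows with bound parameters instead of string concatenation.
function fetch_topic(PDO $db, int $forumsId, int $topicId): array
{
    $stmt = $db->prepare('SELECT id, title FROM topics WHERE forum_id = :f AND id = :t');
    $stmt->execute([':f' => $forumsId, ':t' => $topicId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data and requests, run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (id INTEGER, forum_id INTEGER, title TEXT)');
$db->exec("INSERT INTO topics VALUES (7, 2, 'Welcome')");

$requests = [
    ['forumsId' => '2', 'topicId' => '7', 'mode' => 'topics'],          // well-formed
    ['forumsId' => '2', 'topicId' => '7 OR 1=1', 'mode' => '../secret'], // malformed
];
foreach ($requests as $q) {
    $f = int_param($q, 'forumsId');
    $t = int_param($q, 'topicId');
    $rows = ($f !== null && $t !== null) ? fetch_topic($db, $f, $t) : [];
    printf("%s -> %d row(s)\n", resolve_mode($q), count($rows));
}
```

Neither check depends on magic_quotes_gpc, so the behaviour is the same whether that setting is enabled or disabled.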
241875297444cd4a4e33999e1bb7785220e8336ff7bf7fd393d80a6a4fbdf7a1