[原文]Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
ThWboard contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "eventtime" variable in the "admin/calendar.php" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Upgrade to version 2.82 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.