It has been reported that VieNuke VieBoard may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database.
A malicious user may influence database queries in order to view or modify sensitive information potentially compromising the software or the database.
VieBoard contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the forumid variable in the viewtopic.asp module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Currently, there are no known workarounds or upgrades to correct this issue. However, VieNuke has released a patch to address this vulnerability.