[原文]Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php.
CoolForum contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'pseudo' parameter in the 'entete.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.
Upgrade to version 0.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.