SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter.
Beehive Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site. Other attacks may also be possible. Beehive Forum 0.6.2 is reported to be vulnerable.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.
An exploit is not required. The following proof-of-concept examples are available:

http://www.example.com/beehive/index.php?user_sess=k
http://www.example.com/beehive/index.php?user_sess=1+MYFORUM