>The mentioned SQL injection vulnerability is not possible. Please >remove it. Could you explain this further? In 1.5.3, edit_forum() in forums.inc.php has the following: $sql = "UPDATE ".TABLE_PREFIX."forums SET title='$_POST[title]', description='$_POST[body]' WHERE forum_id=$_POST[fid]"; $result = mysql_query($sql,$db); where is appears that $_POST[fid] is directly inserted into the SQL query. In 1.5.3.1, a new statement has been added to the same function, just before the two statements above: $_POST['fid'] = intval($_POST['fid']); This looks like cleansing that would be relevant for SQL injection. For those who were wondering, both $_POST['title'] and $_POST['body'] are re-set using addslashes: $_POST['title'] = $addslashes($_POST['title']); $_POST['body'] = $addslashes($_POST['body']); - Steve
