A threat actor has announced the sale of a SQL injection vulnerability for phpBB, a popular open-source forum software. According to the threat actor, this vulnerability allows an authenticated attacker to execute SQL queries and retrieve databases.
The vulnerability has reportedly been tested on the latest version of phpBB, making it a significant concern for users of the software. The asking price for this exploit is $69, payable in Bitcoin (BTC).
This announcement underscores the ongoing risks associated with web application vulnerabilities and the importance of regular security updates and patches.