Aceboard is prone to a sql injection vulnerability because it fails to properly sanitize user-supplied input into Recherche.php form.

An attacker can exploit this issue to modify initial query and reveal information from mysql databse.


see u, karmaguedon