Vulnerability Summary

Title: Authenticated SQL Injection in Moderator Control Panel (modcp.php) via topic_id parameter

Affected Versions: <=2.8.8

Vulnerability Details

Type: Authenticated SQL Injection
Location: modcp.php, during processing of the topic_id parameter
Issue: The value of the topic_id parameter is taken directly from user input without validation or parameterization and embedded into an SQL query string, so user-controlled text is parsed by the database as SQL.

Vulnerable Code Snippet

In modcp.php, lines 111-122, the following code is vulnerable:

In the condition, the topic_id value is inserted directly into the query string. An attacker can inject SQL syntax via this parameter.

Vulnerability Reproduction Steps

Prerequisites:
1. A running TorrentPier instance
2. An account with moderator privileges

Steps:
1. Log in as a moderator
2. Retrieve the full session cookie string using browser developer tools
3. Use the tool to automate exploitation, with a command example as follows:

Impact

This is an authenticated SQL injection vulnerability. Although it requires moderator privileges, it is still severe. Exploiting it allows the following actions:

Data Theft: Extract sensitive data from the database, including user credentials (password hashes), private messages, and email addresses.
Data Modification: Alter records in the database, such as elevating one's own or others' privileges to administrator level.
Data Deletion: Delete tables or records to compromise forum data integrity.
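The defect described under Vulnerability Details is the interpolation of an unvalidated topic_id into SQL text. The following is an added illustration, not TorrentPier's code: a constructed lookup in that vulnerable shape beside a hardened version that validates the type and binds the value. The table and column names (bb_topics, topic_id, forum_id, topic_title) are assumptions.

```php
<?php
// Constructed vulnerable shape: the raw request value becomes part of the
// SQL text, so whatever the caller submits is parsed as query syntax.
function fetchTopicVulnerable(PDO $db, array $request): ?array
{
    $topicId = $request['topic_id'] ?? '';
    $sql = "SELECT topic_id, forum_id, topic_title FROM bb_topics WHERE topic_id = $topicId";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened version: reject anything that is not a positive integer before a
// query is built, then pass the value as a bound parameter so the database
// never sees user input inside the SQL text.
function fetchTopicHardened(PDO $db, array $request): ?array
{
    $topicId = filter_var($request['topic_id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($topicId === false) {
        throw new InvalidArgumentException('topic_id must be a positive integer');
    }
    $stmt = $db->prepare(
        'SELECT topic_id, forum_id, topic_title FROM bb_topics WHERE topic_id = :topic_id'
    );
    $stmt->bindValue(':topic_id', $topicId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Self-contained demo against an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bb_topics (topic_id INTEGER PRIMARY KEY, forum_id INTEGER, topic_title TEXT)');
$db->exec("INSERT INTO bb_topics VALUES (7, 2, 'Release thread')");

// A well-formed id works the same through both paths.
echo fetchTopicHardened($db, ['topic_id' => '7'])['topic_title'], PHP_EOL;

// A non-integer value is rejected by the hardened path before any SQL exists.
try {
    fetchTopicHardened($db, ['topic_id' => 'abc']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The same validate-then-bind pattern applies to every request parameter that reaches a query in the moderator panel, not only topic_id.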