SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote malicious users to execute arbitrary SQL commands via the forum parameter.
phpwebthings phpwebthings 1.4.4