Dmx Forum 2.1a allows remote malicious users to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter.
dmx forum dmx forum 2.1a