The TYPO3 Core wec_discussion extension prior to 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
guidestar wec discussion forum