SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.