|Topic:||Incorrect escaping when updating first post in a single simple discussion forum type|
|Versions affected:||<1.9.6, <1.8.10|
|Reported by:||Nicola Vitacolonna|
|Solution:||upgrade to latest weekly build or 1.9.6|
Nicola Vitacolonna discovered forum introduction is incorrectly escaped when editing the first post of a single simple discussion forum. This can potentially lead to SQL injection attacks by teachers. Students can not exploit this problem.