Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d
https://exchange.xforce.ibmcloud.com/vulnerabilities/83289
http://www.exploit-db.com/exploits/24927
http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7