RedTeam has identified a SQL injection vulnerability in phpBannerExchange versions 2.0 RC5 and below, caused by a lack of user input sanitization. It can be used to recover a user's password and thereby take over that user's account.