PHP Code:
case 'do_addsubscription':
    if ($mybb->input['title'] == '' || $mybb->input['description'] == '' || intval($mybb->input['group']) <= 0)
    {
        mysubscriptions_messageredirect($lang->mysubscriptions_missing_field, 1);
    }
    $title = $db->escape_string($mybb->input['title']);
    $description = $db->escape_string($mybb->input['description']);
People using this plugin on a forum are likely to be hacked or defaced by an attacker if they sanitize the header and upload a shell, apart from SQLi.
I had previously informed the plugin author about this, but he seems to be lazy and never checks his mail. And I don't have time to register on his kiddo forum.