Rob, isn't the newly-created BID 44312 a dup of 36044? Both seem to correspond to an issue reported by Securitylab.ir in August 2009: http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt The only difference I see is that the newer entry truncates the PoC. George -- theall at tenablesecurity.com