This vulnerability was found in the popular forum platform gnuboard5. A Vigenère cipher is used to obfuscate users' email addresses when they are sent to the front-end. Using a known-plaintext attack, the cipher key can be calculated, leading to the leaking of user data and full SMTP control.
An SQL injection allowing access to user emails and passwords was found in the game BulletForce. BulletForce is a browser-based first-person shooter made by BlayzeGames. Despite the developers being aware of the issue, it took over a year for them to attempt to fix it.