Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.