This problem is still present, but really only affects FOG setups who allow login across actual internet sources. Typically speaking this vulnerability really only affects malicious insiders trying to bring down an org, and won’t normally pose the problem.

With that said, I’ve been working towards using mysql prepared statements but this will take quite a bit of work as much of the system was coded with the old procedural style of mysql php functions in mind.