MyBulletinBoard MEMBER.PHP SQL Injection Vulnerability

A remote SQL injection vulnerability reportedly affects MyBulletinBoard. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information. Reportedly, a successful attack can disclose the administrator password hash to an attacker.

All versions of MyBulletinBoard are considered vulnerable to this issue.


Privacy Statement
Copyright 2010, SecurityFocus