CVE-2005-1833

MyBulletinBoard < 1.00_rc4 - SQL Injection via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1833. PoCs published by Alberto Trivero.

AI-analyzed exploit summary This exploit leverages a SQL injection vulnerability in MyBulletinBoard (MyBB) <= 1.00 RC4 to extract the MD5 hashed password of a specified user ID. It constructs a malicious SQL query via URL manipulation and parses the response to extract the hash.

Description

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alberto Trivero · perlwebappsphp
https://www.exploit-db.com/exploits/1022

This exploit leverages a SQL injection vulnerability in MyBulletinBoard (MyBB) <= 1.00 RC4 to extract the MD5 hashed password of a specified user ID. It constructs a malicious SQL query via URL manipulation and parses the response to extract the hash.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: MyBulletinBoard (MyBB) <= 1.00 RC4
No auth needed
Prerequisites: Target URL · User ID
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111757191118050&w=2
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15552
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www.mybboard.com/community/showthread.php?tid=2559
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/17024

Scores

EPSS 0.0245
EPSS Percentile 82.2%

Details

Status published
Products (1)
mybulletinboard/mybulletinboard < 1.00_rc4
Published May 31, 2005
Tracked Since Feb 18, 2026