CVE-2005-2580

Mybulletinboard - SQL Injection

Title source: rule
STIX 2.1

Description

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.

Exploits (4)

exploitdb WORKING POC VERIFIED
by phuket · textwebappsphp
https://www.exploit-db.com/exploits/26147
exploitdb WRITEUP VERIFIED
by phuket · textwebappsphp
https://www.exploit-db.com/exploits/26149
exploitdb WRITEUP VERIFIED
by phuket · textwebappsphp
https://www.exploit-db.com/exploits/26148
exploitdb WRITEUP VERIFIED
by phuket · textwebappsphp
https://www.exploit-db.com/exploits/26150

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14553
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112387501519835&w=2

Scores

EPSS 0.0157
EPSS Percentile 81.6%

Details

Status published
Products (1)
mybulletinboard/mybulletinboard 1.00_rc4_security_patch
Published Aug 16, 2005
Tracked Since Feb 18, 2026