CVE-2005-2580 Information

Description

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php action parameter to (3) search.php or (4) member.php or (5) polloptions parameter to polls.php.

Reference

http://marc.info/?l=bugtraq&m=112387501519835&w=2 http://www.securityfocus.com/bid/14553