Mercury · Mercuryboard · CVE-2005-0414
**Name of the Vulnerable Software and Affected Versions**
MercuryBoard version 1.1.1
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via a reply post action for index.php using either the `t` parameter or the `qu` parameter.
**Recommendations**
For MercuryBoard version 1.1.1, consider restricting access to the post.php file until a patch is available. As a temporary workaround, avoid using the `t` and `qu` parameters in the index.php endpoint to minimize the risk of exploitation.