CVE-2005-2580

Name of the Vulnerable Software and Affected Versions MyBB version 1.00 RC4 with Security Patch

Description The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to data manipulation or extraction. This can be achieved via several API endpoints, including "index.php", "member.php", "search.php", and "polls.php", by exploiting the Username field, action parameter, or polloptions parameter.

Recommendations For MyBB version 1.00 RC4 with Security Patch, consider disabling the Username field in "index.php" and "member.php", restricting access to the action parameter in "search.php" and "member.php", and limiting the use of the polloptions parameter in "polls.php" until a patch is available.