MercuryBoard <= 1.1.5 (func/login.php) SQL Injection Vulnerability

Description:

SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER[‘HTTP_USER_AGENT’]).

References:

CVE-2008-6632
BID-29280
EDB-5653

Disclosure Date:

May 19, 2008