MercuryBoard <= 1.1.5 (func/login.php) SQL Injection Vulnerability
Description:
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER[‘HTTP_USER_AGENT’]).
References:
Disclosure Date:
May 19, 2008