https://www.exploit-db.com/exploits/26149
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-149

MyBB是一款流行的基于Web的网络论坛程序。MyBB在处理用户请求时存在SQL注入漏洞，远程攻击者可以利用这个漏洞获得敏感信息、破坏数据库或控制MyBB论坛。MyBB的多个脚本对用户提交的多个参数缺少充分的检查过滤，远程攻击者可以利用此漏洞非授权操作数据库。

source: http://www.securityfocus.com/bid/14553/info
  
MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
  
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
  
Reports indicate an attacker can exploit at least one of these vulnerabilities to gain administrative access to the affected application. 

http://www.example.com/polls.php?action=newpoll&tid=1&polloptions='[SQL INJECTION]

来源:BID
名称:14553
链接:http://www.securityfocus.com/bid/14553
来源:BUGTRAQ
名称:20050812MyBulletinBoardRC4Vulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112387501519835&w;=2