Mercuryboard: >> Mercuryboard >> 1.0 Security Vulnerabilities
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
CVSS Score
7.5
EPSS Score
0.001
Published
2009-04-07
index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-05-02
Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-02-17