MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
One may inject SQL data by submitting a HTTP POST with a modification
of the http header as follows:
Content-Disposition: form-data; name="icon"\r\n
-1') [SQL] /*\r\n