nessus Tenable 3888.PRM
History: Jan 18, 2007 - 12:00 a.m.

Burning Board search.php boardids Parameter SQL Injection

2007-01-18 00:00:00
Tenable
www.tenable.com
6

The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the ‘boardids’ parameter of the ‘search.php’ script before using it in database queries. Regardless of PHP’s ‘register_globals’ and ‘magic_quotes_gpc’ settings, an unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application, including discovery of password hashes of users of the application.

Binary data 3888.prm
Vendor | Product | Version | CPE
woltlab | burning_board | | cpe:/a:woltlab:burning_board