[Original text] Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209.
IdealBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain scripts not properly sanitizing user-supplied input to certain variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database, leading to a loss of integrity.
Note that the researcher claims to have found 50 such vulnerabilities in the application.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.