Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2279)