CVE-2007-1842

Name of the Vulnerable Software and Affected Versions: JSBoard versions prior to 2.0.12

Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by injecting a .. (dot dot) in the table parameter of the login.php file. This can be used to inject PHP sequences into an Apache HTTP Server log file.

Recommendations: For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.php file to minimize the risk of exploitation. Avoid using the table parameter in the login.php file until the issue is resolved.