CVE-2009-3059

Name of the Vulnerable Software and Affected Versions: Joker Board (aka JBoard) versions 2.0 and earlier

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two endpoints: "core/select.php" or the city parameter to "top add.inc.php", which is reachable through "sboard.php".

Recommendations: For Joker Board (aka JBoard) versions 2.0 and earlier, as a temporary workaround, consider restricting access to the "core/select.php" and "top add.inc.php" endpoints until a patch is available. Avoid using the city parameter in the "top add.inc.php" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.