PT-2012-2068 · Gr Board · Gboard

Published: 2012-05-24 · Updated: 2024-02-14 · CVE-2011-5090

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GR Board (aka grboard) version 1.8.6.5 Community Edition

Description

The issue allows remote attackers to modify or delete data because certain database actions do not require authentication. This can be achieved by sending a request to specific API endpoints, including "mod_rewrite.php", "comment_write_ok.php", "poll/index.php", "update/index.php", "trackback.php", or an arbitrary "poll.php" script under the "theme/" directory.

Recommendations

For GR Board (aka grboard) version 1.8.6.5 Community Edition, consider restricting access to the mentioned API endpoints, such as "mod_rewrite.php", "comment_write_ok.php", "poll/index.php", "update/index.php", "trackback.php", and arbitrary "poll.php" scripts under "theme/", until a proper fix is available. Additionally, implementing proper authentication mechanisms for database actions can help mitigate the risk of unauthorized data modification or deletion.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2011-5090

Affected products

Gboard