CVE-2011-5091

Name of the Vulnerable Software and Affected Versions GR Board version 1.8.6.5 Community Edition

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the tableType or blindTarget parameter to "view.php", the delTargets[0] parameter to "view memo.php", or the isReported parameter to "write ok.php".

Recommendations For GR Board version 1.8.6.5 Community Edition, avoid using the tableType, blindTarget, delTargets[0], and isReported parameters in the respective API endpoints until a patch is available. As a temporary workaround, consider restricting access to the "view.php", "view memo.php", and "write ok.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.