PT-2018-17273 · Joomla · Joomla! Pinterest Clone Social Pinboard

Ihsan Sencan

·

Published

2018-02-17

·

Updated

2018-03-12

·

CVE-2018-5987

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Joomla! Pinterest Clone Social Pinboard version 2.0
Description: The Pinterest Clone Social Pinboard component for Joomla! builds SQL queries from request parameters without adequate validation or escaping, so a remote attacker, without authentication, can inject SQL into the component's database queries. The injectable inputs are the pin id or user id parameter of the "task=getlikeinfo" action, the "ends" parameter of the "view=gift" action, the "category" parameter of the "view=home" action, the "uid" parameter of the "view=pindisplay" action, the "searchVal" parameter of the "view=search" action, and the "uid" parameter of the "view=likes" action.
Recommendations: For Joomla! Pinterest Clone Social Pinboard version 2.0, as a temporary workaround, restrict access to the affected actions ("task=getlikeinfo", "view=gift", "view=home", "view=pindisplay", "view=search" and "view=likes"), for example with web-server or WAF rules, until a patch is available. Where those actions cannot be disabled, strictly validate the parameters pin id, user id, ends, category, uid and searchVal for those actions (numeric identifiers should be accepted only as integers) and monitor requests to them for injection attempts. At the moment, there is no information about a newer version that contains a fix for this issue.
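The following is an added example, not code from the advisory or from the component: a small detector that scans web-server access-log lines for injection attempts against exactly the actions and parameters listed above, which is the monitoring step the workaround calls for. It assumes Apache/nginx combined log format and the standard Joomla front controller index.php; the component's option name is not given in the advisory, so it is not matched. Because the advisory does not name the "pin id"/"user id" parameters exactly, every parameter of a "task=getlikeinfo" request is inspected, while the other actions are checked only on their named parameter. The log lines are constructed for the example.

```python
"""Flag SQL-injection attempts against the actions affected by CVE-2018-5987
in combined-format access logs. Added example; assumptions are marked."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Affected (key, value) pairs from the advisory. A value of None means every
# parameter is inspected, because the exact pin id / user id names are not given.
AFFECTED = {
    ("task", "getlikeinfo"): None,
    ("view", "gift"): {"ends"},
    ("view", "home"): {"category"},
    ("view", "pindisplay"): {"uid"},
    ("view", "search"): {"searchVal"},
    ("view", "likes"): {"uid"},
}

# Injection indicators (not exhaustive): quote break-out, comment markers,
# UNION-based, time-based and tautology payloads.
SQLI = re.compile(
    r"""
    ['"`]                                        # string delimiter
    | --\s | /\* | \#                            # SQL comment markers
    | \bunion\b\s+(all\s+)?\bselect\b
    | \b(sleep|benchmark|extractvalue|updatexml|load_file)\s*\(
    | \b(or|and)\b\s+\d+\s*=\s*\d+               # e.g. "or 1=1"
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Combined log format (assumption): ip ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, target, params) with lower-cased parameter names, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    params = {}
    for key, values in parse_qs(query, keep_blank_values=True).items():
        params.setdefault(key.lower(), []).extend(values)
    return m.group("ip"), m.group("ts"), m.group("target"), params


def affected_action(params):
    """Return (label, watched-parameter names) if the request targets an affected action."""
    for (key, value), watched in AFFECTED.items():
        if value in [v.lower() for v in params.get(key, [])]:
            return f"{key}={value}", watched
    return None


def classify(line):
    """Return a finding dict for a suspicious request to an affected action, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    ip, ts, target, params = parsed
    action = affected_action(params)
    if action is None:
        return None
    label, watched = action
    names = set(params) if watched is None else {n.lower() for n in watched}
    hits = set()
    for name in names:
        for value in params.get(name, []):
            # parse_qs already decoded once; decode again to catch %2527-style double encoding.
            if SQLI.search(value) or SQLI.search(unquote_plus(value)):
                hits.add(name)
    if not hits:
        return None
    return {"ip": ip, "time": ts, "action": label, "params": sorted(hits), "target": target}


def scan(lines):
    """Run classify() over an iterable of log lines and return the findings in order."""
    return [finding for finding in map(classify, lines) if finding]


# Constructed sample log; "pinid" is an assumed parameter name for the getlikeinfo task.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Feb/2018:10:01:02 +0000] "GET /index.php?view=search&searchVal=joomla HTTP/1.1" 200 5120
203.0.113.7 - - [17/Feb/2018:10:01:09 +0000] "GET /index.php?view=search&searchVal=a%27%20UNION%20SELECT%201,2,3--%20 HTTP/1.1" 200 9031
203.0.113.7 - - [17/Feb/2018:10:01:15 +0000] "GET /index.php?view=pindisplay&uid=1%20AND%20SLEEP(5) HTTP/1.1" 200 412
203.0.113.7 - - [17/Feb/2018:10:01:21 +0000] "GET /index.php?task=getlikeinfo&pinid=3%27 HTTP/1.1" 500 88
198.51.100.2 - - [17/Feb/2018:10:02:00 +0000] "GET /index.php?view=home&category=1 HTTP/1.1" 200 7700
198.51.100.2 - - [17/Feb/2018:10:02:05 +0000] "GET /index.php?view=profile&uid=1%27 HTTP/1.1" 200 3300
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(f"{finding['time']} {finding['ip']} {finding['action']} params={finding['params']}")
```

The last sample line carries the same quote payload but targets a view the advisory does not list, so it is deliberately not reported; the detector scopes alerts to the affected actions rather than flagging every quote character site-wide, which keeps the rule usable on a search-heavy site.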

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2018-5987

Affected Products

Joomla! Pinterest Clone Social Pinboard