Description
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Inj3ct0r · textwebappsphp
https://www.exploit-db.com/exploits/34456
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/0908-exploits/jboard-sql.txt
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2473
Scores
EPSS
0.0013
EPSS Percentile
32.1%
Details
CWE
CWE-89
Status
published
Products (1)
allpublication/jboard
< 2.0
Published
Sep 03, 2009
Tracked Since
Feb 18, 2026