CVE-2009-3059

Allpublication Jboard < 2.0 - SQL Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3059. PoCs published by Inj3ct0r.

AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in JBoard <= 2.0. The SQLi allows unauthorized data access via the 'city' parameter, while XSS is achievable through unsanitized input in multiple endpoints.

Description

Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Inj3ct0r · textwebappsphp

https://www.exploit-db.com/exploits/34456

View Code ZIP pw:eip

This exploit demonstrates SQL injection and XSS vulnerabilities in JBoard <= 2.0. The SQLi allows unauthorized data access via the 'city' parameter, while XSS is achievable through unsanitized input in multiple endpoints.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: JBoard <= 2.0

No auth needed

Prerequisites: Access to vulnerable JBoard instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0908-exploits/jboard-sql.txt

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2473

Scores

EPSS 0.0097

EPSS Percentile 57.2%

Details

CWE

CWE-89

Status published

Products (1)

allpublication/jboard < 2.0

Published Sep 03, 2009

Tracked Since Feb 18, 2026