204497 SQL Injection / Spam Problem

I have a custom designed message board in place. It has been modified by two developers in the past, but remains fairly simple in form and functionality. Someone has compromised the security of the board and is using some sort of sql injection to relay spam. I would like this fixed without replacing the board. I am not interested in replacing the board with a modified open source item. I simply need someone to find and patch the security hole and ensure that it doesn't happen again in the future.