□ Overview
o Hometory Co.,Ltd released security update to address SQL-Injection vulnerability in bulletin board developed by Mangboard.
□ Description
o SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board.
o A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
□ Affected Product
□ Solution
o Update software over Mangboard WP BASIC 2.0.4 version or higher.
□ Reference
[1] http://www.mangboard.com/notice/
□ Acknowledgements
o Thanks to Seung Jin Baek for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
o Hometory Co.,Ltd released security update to address SQL-Injection vulnerability in bulletin board developed by Mangboard.
| Vulnerability | Impact | Severity | CVSS Score | CVE ID |
| SQL-Injection | Information exposure | High | 8.8 | CVE-2021-26644 |
□ Description
o SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board.
o A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
□ Affected Product
| Product | version | Platform |
| Mangboard | WP BASIC 2.0.3 | Windows |
□ Solution
o Update software over Mangboard WP BASIC 2.0.4 version or higher.
□ Reference
[1] http://www.mangboard.com/notice/
□ Acknowledgements
o Thanks to Seung Jin Baek for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀