□ Overview
o Mangboard (WordPress plugin) released security update to address SQL-Injection vulnerability.
Vulnerability
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| SQL-Injection |
Information Exposure |
High |
7.5 |
CVE-2021-26609 |
□ Description
o A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter.(CVE-2021-26609)
o The order_type parameter makes a SQL query using unfiltered data.
o This vulnerability allows a remote attacker to steal user information.
□ Affected Product
Affected Product
| Product |
Version |
Platform |
| WordPress Mangboard |
1.0.0 ~ 1.9.9 |
Windows |
□ Solution
o Update software over WordPress Mangboard 2.0.0 version or higher.
□ Reference
[1] https://www.mangboard.com/download/?vid=87
□ Etc
o Thanks to Sang Youn Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
