본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26633 | Maxboard SQL injection and LFI vulnerability2022.05.30
□ Overview
 o MaxBoard released security update to address SQL injection and Local File Inclusion(LFI) vulnerability in MaxBoard.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
SQL injection and LFI Information exposure and
Privilege escalation
High 7.5 CVE-2021-26633

□ Description
 o SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation.
 o This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.

□ Affected Product
Affected Product
Product Version Platform
MaxBoard prior of 1.9.3.3 Linux

□ Solution
 o Update software over MaxBoard 1.9.4 version or higher.

□ Reference
[1] https://maxb.kr/

□ Acknowledgements
 o Thanks to Seungjin Baek for reporting this vulnerability.
 

□ 작성 : 침해사고분석단 취약점분석팀