□ Overview
o MaxBoard released security update to address Remote Code Execution vulnerability in MaxBoard.
Vulnerability
Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
Remote Code Execution |
Information exposure
and Privilege escalation |
High |
8.8 |
CVE-2021-26636 |
□ Description
o Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.
□ Affected Product
Affected Product
Product |
Version |
Platform |
MaxBoard |
prior of 1.9.6.1 |
Linux |
□ Solution
o Update software over MaxBoard 1.9.6.2 version or higher.
□ Reference
[1] https://maxb.kr/
□ Acknowledgements
o Thanks to Inbong Song for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |