CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26636 – Maxboard Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-26636
22 Jun 2022 — Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation. Una vulnerabilidad de inyección XSS y SQL almacenado en MaxBoard podría conducir a una ejecución de código remota, lo que podría conllevar a una exposición de información y a una escalada de privilegios • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26634 – Maxboard multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2021-26634
01 Jun 2022 — SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. Unos ataques de inyección SQL y de carga de archivos son posibles debido a la insuficiente comprobación de los valores de entrada en algunos parámetros y variabl... • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66746 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26633 – Maxboard SQL injection and LFI vulnerability
https://notcve.org/view.php?id=CVE-2021-26633
01 Jun 2022 — SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file. Unas vulnerabilidades de inyección SQL e inclusión de archivos locales (LFI) en MaxBoard pueden causar filtrado de información y escalada de privilegios. Estas vulnerabilidades pueden ser explotadas al manipular una variable con un valor deseado e insertando un a... • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66745 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26628 – MaxBoard XSS and File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-26628
26 Apr 2022 — Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. Una insuficiente comprobación de scripts de la página de administración permite un ataque de tipo XSS, lo que causa que usuarios no autorizados roben privilegios de administrador. Cuando es subido un archivo en un menú ... • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •