CVE-2021-26634

Maxboard multiple vulnerabilities

CVSS 9.8 CRITICALEPSS 1.3%CWE-288 CWE-434 CWE-89

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.8EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 Jun 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Max Yi · Maxboard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66746