CVE-2021-26633
HIGHmaxb maxboard < 1.9.4 - SQL Injection and Local File Inclusion
Title source: llmDescription
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66745
Scores
CVSS v3
7.5
EPSS
0.0084
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
maxb/maxboard
< 1.9.4
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026