CVE-2021-26634
CRITICALmaxb maxboard < 1.9.6 - Unrestricted File Upload and SQL Injection
Title source: llmDescription
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.
References (1)
Core 1
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66746
Scores
CVSS v3
9.8
EPSS
0.0123
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-288
CWE-434
CWE-89
Status
published
Products (1)
maxb/maxboard
< 1.9.6
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026