CVE-2021-26634
Last modified
CVE-2021-26634 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.. EPSS estimates a 1.31% chance of exploitation in the next 30 days.
Description
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Maxb | Maxboard | < 1.9.6 |
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66746Broken Link, Third Party Advisory
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66746Broken Link, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-26634?
How severe is CVE-2021-26634?
How do I fix CVE-2021-26634?
Are you affected by CVE-2021-26634?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST