Vulnerability Description
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of the files comprising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxb | Maxboard | < 1.9.6 |
| Linux | Linux Kernel | - |
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66746 (Broken Link, Third Party Advisory)
FAQ
What is CVE-2021-26634?
CVE-2021-26634 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of the files comprising Maxboard, which may lead to arbitrary code exec...
How severe is CVE-2021-26634?
CVE-2021-26634 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-26634?
Check the references section above for vendor advisories and patch information. Affected products include: Maxb Maxboard, Linux Linux Kernel.