
Security Advisory

CVE-2021-26609 | WordPress Mangboard SQL-Injection vulnerability
2021.10.19
□ Overview
 o Mangboard (WordPress plugin) released a security update to address a SQL-Injection vulnerability.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| SQL-Injection | Information Exposure | High | 7.5 | CVE-2021-26609 |

□ Description
 o A SQL-Injection vulnerability was found in the order_type parameter of Mangboard (WordPress plugin). (CVE-2021-26609)
 o The value of the order_type parameter is used to build a SQL query without being filtered.
 o This vulnerability allows a remote attacker to steal user information.
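
The pattern described above, unfiltered request data concatenated into a SQL statement, shown beside a hardened form. This is an added example, not Mangboard's code or its fix: the table, columns and function names are hypothetical, order_type is assumed to carry a sort direction, and PDO with in-memory SQLite stands in for the WordPress database layer.

```php
<?php
// Added illustration; not Mangboard source. Table, columns and function
// names are hypothetical, and order_type is ASSUMED to carry a sort direction.

// Vulnerable pattern: request data is concatenated into the statement text.
function list_posts_unsafe(PDO $db, string $orderType): array
{
    $sql = "SELECT id, title FROM board_posts ORDER BY id " . $orderType;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: a sort keyword cannot be sent as a bound parameter,
// so the request value only selects one of two constant strings.
function normalize_order_type(string $orderType): string
{
    $allowed = ['asc' => 'ASC', 'desc' => 'DESC'];
    $key = strtolower(trim($orderType));
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException('unsupported order_type');
    }
    return $allowed[$key];
}

function list_posts_safe(PDO $db, string $orderType, int $limit): array
{
    $direction = normalize_order_type($orderType);   // constant from the allow-list
    $stmt = $db->prepare(
        "SELECT id, title FROM board_posts ORDER BY id $direction LIMIT :n"
    );
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);  // data values are still bound
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE board_posts (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO board_posts (title) VALUES ('first'), ('second'), ('third')");

print_r(list_posts_safe($db, 'DESC', 2));
try {
    list_posts_safe($db, 'desc, title', 2);          // constructed malformed value
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```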

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| WordPress Mangboard | 1.0.0 ~ 1.9.9 | Windows |

□ Solution
 o Update WordPress Mangboard to version 2.0.0 or higher.

□ Reference
 [1] https://www.mangboard.com/download/?vid=87

□ Etc
 o Thanks to Sang Youn Lee for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team