4 matches found
CVE-2021-26636
CVE-2021-26636 affects MaxBoard. The connected documents indicate a stored XSS and SQL injection vulnerability in MaxBoard that could lead to remote code execution, information exposure, and privilege escalation. The primary sources describe the vulnerable component as MaxBoard and emphasize impa...
CVE-2021-26628
CVE-2021-26628 concerns MaxBoard CMS. Connected sources indicate a vulnerability in versions prior to 1.9.6 due to insufficient script validation on the admin page and weak validation of uploaded files. This allows an unauthenticated attacker to upload arbitrary files disguised as images, enablin...
CVE-2021-26633
CVE-2021-26633 affects MaxBoard, a CMS/web framework. The connected sources describe a two-pronged vulnerability: SQL Injection and Local File Inclusion (LFI) in MaxBoard that can cause information leakage and privilege escalation. The root cause is manipulation of input variables to insert arbit...
CVE-2021-26634
Maxboard/MaxBoard (Max Yi Korea) has input validation flaws in certain parameters/variables of files, allowing SQL injection and file upload attacks. This can lead to arbitrary code execution or privilege escalation, including web-shell-based server management compromise. Some sources indicate af...