Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Maxboard multiple vulnerabilities
Vulnerability Description
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Max Yi MaxBoard 代码问题漏洞
Vulnerability Description
Max Yi MaxBoard是韩国Max Yi公司的一个 CMS(内容管理系统) 或 Web 框架。有助于使网站创建和站点管理更容易,并且可以轻松方便地用于构建应用程序的后端。 Max Yi MaxBoard 1.9.5.1 之前的版本存在代码问题漏洞,该漏洞源于Maxboard 文件的某些参数和变量的输入值验证不充分,攻击者可以利用该漏洞执行任意代码或权限提升等。
CVSS Information
N/A
Vulnerability Type
N/A