Description

WordPress Plugin Mang Board WP is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Mang Board WP version 1.9.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.0 or latest

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36292

https://www.mangboard.com/download/?vid=87

Related Vulnerabilities

Python Untrusted Search Path Vulnerability (CVE-2008-5983)

WordPress Other Vulnerability (CVE-2007-0106)

WordPress Plugin Admin Log Unspecified Vulnerability (1.42)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-7247)

WordPress Plugin Advanced Forms for ACF Security Bypass (1.6.8)

Severity

High

Classification

CVE-2021-26609 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection