CVE-2021-26644: SQL Injection
First published: Fri Jan 20 2023(Updated: )
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
Credit: vuln@krcert.or.kr
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mangboard Commerce | =2.0.3 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this SQL-Injection vulnerability?
The vulnerability ID for this SQL-Injection vulnerability is CVE-2021-26644.
What is the severity of CVE-2021-26644?
The severity of CVE-2021-26644 is critical with a CVSS score of 9.8.
How can an attacker exploit CVE-2021-26644?
An attacker can exploit CVE-2021-26644 by using a SQL injection technique to manipulate the input values for the table name of the DB used by Mangboard bulletin board, allowing them to execute arbitrary code on the server.
What software is affected by CVE-2021-26644?
The Mangboard bulletin board version 2.0.3 is affected by CVE-2021-26644.
Is Microsoft Windows vulnerable to CVE-2021-26644?
No, Microsoft Windows is not vulnerable to CVE-2021-26644.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mangboard
- canonical/mangboard commerce
- version/mangboard commerce/2.0.3
- vendor/microsoft
- canonical/microsoft windows operating system