본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26631 | Mangboard parameter modulation vulnerability2022.05.19
□ Overview
 o Hometory Co.,Ltd released security update to address improper input validation vulnerability in Mangboard commerce package.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
improper input validation abnormal request
occurring
High 8.0 CVE-2021-26631

□ Description
 o Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request.
 o A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.

□ Affected Product
Affected Product
Product Version Platform
Mangboard commerce package prior of 1.3.8 Linux, Windows and etc..

□ Solution
 o Update software over Mangboard commerce package 1.3.9 version or higher.

□ Reference
[1] https://www.mangboard.com/

□ Acknowledgements
 o Thanks to Song Inbong for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀