GNUBoard is the most popular BBS board in South Korea.
I received $500 for RCE on Windows and $50 for MySQL password leak.
Video (Click to view)
Crypto Exploit PoC: https://gist.github.com/stypr/d6f69048e7a1098d9228bc3deccff465
RCE Exploit PoC: https://gist.github.com/stypr/c95d98f4a2ff754abe9dc50aac082916
Issues have been fixed by the vendor.
RCE Assigned KVE-2018-0441,0449 Crypto Assigned KVE-2018-0510
- KVE is Korean-version of CVE