diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php
index 9f5869073..1f4f7d82c 100644
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@@ -61,9 +61,17 @@ if( function_exists('filter_input_include_path') ){
 $qa_include_tail = filter_input_include_path($qa_include_tail);
 }
+// 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다.
+$src_char = array('&', '=');
+$dst_char = array('&', '〓');
+$qa_category = str_replace($src_char, $dst_char, $_POST['qa_category']);
+
+//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
+$qa_category = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $qa_category);
+
 $sql = " update {$g5['qa_config_table']}
 set qa_title = '{$_POST['qa_title']}',
- qa_category = '{$_POST['qa_category']}',
+ qa_category = '{$qa_category}',
 qa_skin = '{$_POST['qa_skin']}',
 qa_mobile_skin = '{$_POST['qa_mobile_skin']}',
 qa_use_email = '{$_POST['qa_use_email']}',
diff --git a/bbs/qadelete.php b/bbs/qadelete.php
index 3ce8580bd..af92640eb 100644
--- a/bbs/qadelete.php
+++ b/bbs/qadelete.php
@@ -45,7 +45,7 @@ for($i=0; $i<$count; $i++) {
 // 첨부파일 삭제
 for($k=1; $k<=2; $k++) {
- @unlink(G5_DATA_PATH.'/qa/'.$row['qa_file'.$k]);
+ @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($row['qa_file'.$k]));
 // 썸네일삭제
 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['qa_file'.$k])) {
 delete_qa_thumbnail($row['qa_file'.$k]);
@@ -60,7 +60,7 @@ for($i=0; $i<$count; $i++) {
 $row2 = sql_fetch(" select qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} where qa_parent = '$qa_id' ");
 // 첨부파일 삭제
 for($k=1; $k<=2; $k++) {
- @unlink(G5_DATA_PATH.'/qa/'.$row2['qa_file'.$k]);
+ @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($row2['qa_file'.$k]));
 // 썸네일삭제
 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['qa_file'.$k])) {
 delete_qa_thumbnail($row2['qa_file'.$k]);
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index 021cd3d4d..ab0b9b3a7 100644
--- a/bbs/qawrite_update.php
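Review bot: Only `qa_category` is sanitised, while the neighbouring `qa_title`, `qa_skin`, `qa_mobile_skin` and `qa_use_email` assignments in the same UPDATE still interpolate `$_POST` values straight into the SQL string; unless the front controller escapes `$_POST` globally before this file runs (not visible here), they carry the same exposure the new denylist is meant to close for the category. Escaping for the connection (`mysqli_real_escape_string()`, or the project's wrapper around it) is the more robust choice than character stripping for every field in this statement; the regex here does remove both quote characters and the backslash, which makes the single-quoted literal safe but silently mangles legitimate category names containing them. `$_POST['qa_category']` is also read without a presence check, so `$qa_category = isset($_POST['qa_category']) ? $_POST['qa_category'] : '';` ahead of the `str_replace` avoids a notice on an absent field. The `'='` entry in `$src_char` is now redundant, since the `preg_replace` strips `=` anyway.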
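Review bot: `clean_relative_paths()` is applied only to the `unlink()` argument; two lines later `delete_qa_thumbnail($row['qa_file'.$k])` still receives the raw database value, so if the helper exists to strip path segments from a stored filename, the thumbnail-deletion path is left with the unclean value. The same pattern repeats in the `@@ -60` hunk of this file and in the `@@ -157` and `@@ -204` hunks of bbs/qawrite_update.php. Whether `delete_qa_thumbnail()` cleans its own argument is not visible here; if it does not, compute the name once and pass it to both calls, e.g. `$qa_file = clean_relative_paths($row['qa_file'.$k]);` followed by `@unlink(G5_DATA_PATH.'/qa/'.$qa_file);` and `delete_qa_thumbnail($qa_file);`. The enclosing for loop starts before the hunk and continues past it.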
+++ b/bbs/qawrite_update.php
@@ -157,7 +157,7 @@ for ($i=1; $i<=$upload_count; $i++) {
 // 삭제에 체크가 되어있다면 파일을 삭제합니다.
 if (isset($_POST['bf_file_del'][$i]) && $_POST['bf_file_del'][$i]) {
 $upload[$i]['del_check'] = true;
- @unlink(G5_DATA_PATH.'/qa/'.$write['qa_file'.$i]);
+ @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($write['qa_file'.$i]));
 // 썸네일삭제
 if(preg_match("/\.({$config['cf_image_extension']})$/i", $write['qa_file'.$i])) {
 delete_qa_thumbnail($write['qa_file'.$i]);
@@ -204,7 +204,7 @@ for ($i=1; $i<=$upload_count; $i++) {
 if ($w == 'u') {
 // 존재하는 파일이 있다면 삭제합니다.
- @unlink(G5_DATA_PATH.'/qa/'.$write['qa_file'.$i]);
+ @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($write['qa_file'.$i]));
 // 이미지파일이면 썸네일삭제
 if(preg_match("/\.({$config['cf_image_extension']})$/i", $write['qa_file'.$i])) {
 delete_qa_thumbnail($row['qa_file'.$i]);
@@ -244,7 +244,7 @@ if($w == '' || $w == 'a' || $w == 'r') {
 $qa_num = $write['qa_num'];
 $qa_parent = $write['qa_id'];
 $qa_related = $write['qa_related'];
- $qa_category = $write['qa_category'];
+ $qa_category = addslashes($write['qa_category']);
 $qa_type = 1;
 $qa_status = 1;
 }
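Review bot: The thumbnail call on the last context line of the `@@ -204` hunk reads `$row['qa_file'.$i]` while every other line in this block, including the new `unlink()`, uses `$write['qa_file'.$i]`; unless `$row` is intentionally a different record here, this looks like a stale variable that leaves the old thumbnail in place on update. If it is a copy-paste slip, the line should read `delete_qa_thumbnail($write['qa_file'.$i]);`, matching the `@@ -157` hunk above. The enclosing `if ($w == 'u')` block and the for loop both continue past the hunk.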
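Review bot: In the `@@ -244` hunk, `addslashes()` escapes quotes, backslash and NUL but is not aware of the connection charset, so it is the weaker choice for a value that is presumably interpolated into an INSERT later in this file; `mysqli_real_escape_string()` on the active connection (or the project's wrapper around it) is the conventional escape. `$write['qa_category']` comes from a previously fetched row here rather than from the request, which is worth stating so the next reader does not mistake it for user input: `// $write is a DB row; re-escape before it is interpolated into SQL again`. The enclosing if block begins outside the hunk.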