diff --git a/adm/sms_admin/ajax.hp_chk.php b/adm/sms_admin/ajax.hp_chk.php
index 560257309..b0b29ac3d 100644
--- a/adm/sms_admin/ajax.hp_chk.php
+++ b/adm/sms_admin/ajax.hp_chk.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900800";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
@@ -9,6 +10,8 @@ if( !function_exists('json_encode') ) {
     }
 }
 
+auth_check($auth[$sub_menu], "r");
+
 $err = '';
 $arr_ajax_msg = array();
 $exist_hplist = array();
diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php
index da3745c6b..9a7988129 100644
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
diff --git a/adm/sms_admin/ajax.sms_write_group.php b/adm/sms_admin/ajax.sms_write_group.php
index 3e64577e4..702357183 100644
--- a/adm/sms_admin/ajax.sms_write_group.php
+++ b/adm/sms_admin/ajax.sms_write_group.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 
 $colspan = 3;
diff --git a/adm/sms_admin/ajax.sms_write_level.php b/adm/sms_admin/ajax.sms_write_level.php
index 593236d8e..a298b113f 100644
--- a/adm/sms_admin/ajax.sms_write_level.php
+++ b/adm/sms_admin/ajax.sms_write_level.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index e11a329f4..686f4a8fa 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 
 $page_size = 10;
diff --git a/adm/sms_admin/config.php b/adm/sms_admin/config.php
index 5283094a3..f1fd649d4 100644
--- a/adm/sms_admin/config.php
+++ b/adm/sms_admin/config.php
@@ -109,7 +109,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
         <th scope="row"><label for="cf_member">회원간 문자전송</label></th>
         <td>
             <?php echo help("허용에 체크하면 회원끼리 문자전송이 가능합니다.");?>
-            <input type="checkbox" name="cf_member" value="1" id="cf_member" <?php get_checked(1, $sms5['cf_member']); ?>> 허용
+            <input type="checkbox" name="cf_member" value="1" id="cf_member" <?php echo get_checked(1, $sms5['cf_member']); ?>> <label for="cf_member">허용</label>
         </td>
     </tr>
     <tr>
@@ -118,7 +118,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
             <?php echo help("문자전송을 허용할 회원레벨을 선택해주세요.");?>
             <select name="cf_level" id="cf_level">
                 <?php for ($i=1; $i<=10; $i++) { ?>
-                <option value="<?php echo $i?>"<?php get_selected($i, $sms5['cf_level']);?>> <?php echo $i?> </option>
+                <option value="<?php echo $i?>"<?php echo get_selected($i, $sms5['cf_level']);?>> <?php echo $i?> </option>
                 <?php } ?>
             </select>
             레벨 이상
diff --git a/adm/sms_admin/config_update.php b/adm/sms_admin/config_update.php
index 22fc6ea05..e89787730 100644
--- a/adm/sms_admin/config_update.php
+++ b/adm/sms_admin/config_update.php
@@ -20,7 +20,7 @@ $userinfo = array(
 if ($userinfo['code'] == '202')
     alert('아이코드 아이디와 패스워드가 맞지 않습니다.');
 
-if ($cf_member == 'on')
+if ($cf_member == '1')
     $cf_member = 1;
 else
     $cf_member = 0;
diff --git a/adm/sms_admin/history_list.php b/adm/sms_admin/history_list.php
index e4856f10f..193937878 100644
--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@@ -30,9 +30,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <form name="search_form" id="search_form" action=<?php echo $_SERVER['PHP_SELF'];?> class="local_sch01 local_sch" method="get">
 
 <label for="st" class="sound_only">검색대상</label>
-<select name="st" id="st">
-    <option value="wr_message">메세지</option>
-</select>
+<input type="hidden" name="st" id="st" value="wr_message" >
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="sv" value="<?php echo $sv ?>" id="sv" required class="required frm_input">
 <input type="submit" value="검색" class="btn_submit">
diff --git a/adm/sms_admin/history_send.php b/adm/sms_admin/history_send.php
index 5494c2e00..488e25db5 100644
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@@ -116,7 +116,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
-            sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='{$row['hs_name']}', hs_hp='{$row['hs_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='$hs_memo', hs_log='$log'");
+            sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='{$row['hs_name']}', hs_hp='{$row['hs_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'");
         }
         $SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
 
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index 58a5ed562..d65672290 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@@ -239,7 +239,7 @@ function all_send()
     </div>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['PHP_SELF']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv&amp;spage="); ?>
+<?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['PHP_SELF']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/install.php b/adm/sms_admin/install.php
index 9ea6f2255..1d63070be 100644
--- a/adm/sms_admin/install.php
+++ b/adm/sms_admin/install.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900000";
 include_once("./_common.php");
 
 auth_check($auth[$sub_menu], 'r');
diff --git a/adm/sms_admin/num_book_file_upload.php b/adm/sms_admin/num_book_file_upload.php
index f4596be41..c1fa4cdda 100644
--- a/adm/sms_admin/num_book_file_upload.php
+++ b/adm/sms_admin/num_book_file_upload.php
@@ -98,7 +98,7 @@ for ($i = 1; $i <= $num_rows; $i++) {
             } 
             else if (!$confirm && $hp) 
             {
-                sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$name', bk_hp='$hp', bk_receipt=1, bk_datetime='".G5_TIME_YMDHIS."'");
+                sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($name)."', bk_hp='$hp', bk_receipt=1, bk_datetime='".G5_TIME_YMDHIS."'");
                 sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + 1, bg_nomember = bg_nomember + 1, bg_receipt = bg_receipt + 1 where bg_no='$bg_no'");
                 $success++;
             }
diff --git a/adm/sms_admin/num_book_update.php b/adm/sms_admin/num_book_update.php
index 40eec9f4f..578c482df 100644
--- a/adm/sms_admin/num_book_update.php
+++ b/adm/sms_admin/num_book_update.php
@@ -46,7 +46,7 @@ if ($w=='u') // 업데이트
             sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
     }
 
-    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='$bk_memo' where bk_no='$bk_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
     if ($res['mb_id']){ //만약에 mb_id가 있다면...
         // 휴대폰번호 중복체크
         $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
@@ -54,7 +54,7 @@ if ($w=='u') // 업데이트
         if ($mb_hp_exist['mb_id']) { //중복된 회원 휴대폰번호가 있다면
             $is_hp_exist = true;
         } else {
-             sql_query("update {$g5['member_table']} set mb_name='$bk_name', mb_hp='$bk_hp', mb_sms='$bk_receipt' where mb_id='{$res['mb_id']}'", false);
+             sql_query("update {$g5['member_table']} set mb_name='".addslashes($bk_name)."', mb_hp='$bk_hp', mb_sms='$bk_receipt' where mb_id='{$res['mb_id']}'", false);
         }
     }
     $get_bg_no = $bg_no;
@@ -126,7 +126,7 @@ else // 등록
     else
         $sql_sms = "bg_reject = bg_reject + 1";
 
-    sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='$bk_memo'");
+    sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."'");
     sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + 1, bg_nomember = bg_nomember + 1, $sql_sms where bg_no = '$bg_no'");
 
     $get_bg_no = $bg_no;
diff --git a/adm/sms_admin/num_group_update.php b/adm/sms_admin/num_group_update.php
index 3f7cc9990..ea9af2423 100644
--- a/adm/sms_admin/num_group_update.php
+++ b/adm/sms_admin/num_group_update.php
@@ -27,7 +27,7 @@ if ($w == 'u') // 업데이트
         if ($res)
             alert('같은 그룹명이 존재합니다.');
 
-        sql_query("update {$g5['sms5_book_group_table']} set bg_name='$bg_name' where bg_no='$bg_no'");
+        sql_query("update {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."' where bg_no='$bg_no'");
     }
 }
 else if ($w == 'de') // 그룹삭제
@@ -70,7 +70,7 @@ else // 등록
     if ($res)
         alert('같은 그룹명이 존재합니다.');
 
-    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
+    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."'");
 }
 
 goto_url('./num_group.php');
diff --git a/adm/sms_admin/sms_write_form.php b/adm/sms_admin/sms_write_form.php
index 298d9f1ff..23435005a 100644
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@@ -13,7 +13,7 @@ $no_count = $res['cnt'];
     <label for="emo_sel" class="sound_only">이모티콘 그룹</label>
     <select name="fg_no" id="emo_sel">
         <option value=""<?php echo get_selected('', $fg_no); ?>> 전체 </option>
-        <option value="0"<?php echo get_selected(0, $fg_no); ?>> 미분류 (<?php echo number_format($no_count)?>) </option>
+        <option value="0"<?php echo get_selected('0', $fg_no); ?>> 미분류 (<?php echo number_format($no_count)?>) </option>
         <?php for($i=0; $i<count($group); $i++) {?>
         <option value="<?php echo $group[$i]['fg_no']?>"<?php echo get_selected($fg_no, $group[$i]['fg_no']);?>> <?php echo $group[$i]['fg_name']?> (<?php echo number_format($group[$i]['fg_count'])?>) </option>
         <?php } ?>
diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php
index 0276553a8..6eb1770e9 100644
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@@ -134,6 +134,7 @@ $SMS = new SMS5;
 $SMS->SMS_con($config['cf_icode_server_ip'], $config['cf_icode_id'], $config['cf_icode_pw'], $config['cf_icode_server_port']);
 
 $reply = str_replace('-', '', trim($wr_reply));
+$wr_message = str_replace('\r\n', PHP_EOL, $wr_message); // common.php 에서 mysql_real_escape_string 함수로 인해 수정
 
 $result = $SMS->Add($list, $reply, '', '', $wr_message, $booking, $wr_total);
 
@@ -198,6 +199,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
+
             sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum=0, bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='".addslashes($row['bk_name'])."', hs_hp='{$row['bk_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes(stripslashes($log))."'");
         }
         $SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
diff --git a/plugin/sms5/sms5.lib.php b/plugin/sms5/sms5.lib.php
index 7ff5fc61d..7db95a0f6 100644
--- a/plugin/sms5/sms5.lib.php
+++ b/plugin/sms5/sms5.lib.php
@@ -20,6 +20,46 @@ function get_sms5_skin_select($skin_gubun, $id, $name, $selected='', $event='')
     return $str;
 }
 
+// 한페이지에 보여줄 행, 현재페이지, 총페이지수, URL
+function sms5_sub_paging($write_pages, $cur_page, $total_page, $url, $add="", $starget="")
+{
+    if( $starget ){
+        $url = preg_replace('#&amp;'.$starget.'=[0-9]*#', '', $url) . '&amp;'.$starget.'=';
+    }
+    
+    $str = '';
+    if ($cur_page > 1) {
+        $str .= '<a href="'.$url.'1'.$add.'" class="pg_page pg_start">처음</a>'.PHP_EOL;
+    }
+
+    $start_page = ( ( (int)( ($cur_page - 1 ) / $write_pages ) ) * $write_pages ) + 1;
+    $end_page = $start_page + $write_pages - 1;
+
+    if ($end_page >= $total_page) $end_page = $total_page;
+
+    if ($start_page > 1) $str .= '<a href="'.$url.($start_page-1).$add.'" class="pg_page pg_prev">이전</a>'.PHP_EOL;
+
+    if ($total_page > 1) {
+        for ($k=$start_page;$k<=$end_page;$k++) {
+            if ($cur_page != $k)
+                $str .= '<a href="'.$url.$k.$add.'" class="pg_page">'.$k.'<span class="sound_only">페이지</span></a>'.PHP_EOL;
+            else
+                $str .= '<span class="sound_only">열린</span><strong class="pg_current">'.$k.'</strong><span class="sound_only">페이지</span>'.PHP_EOL;
+        }
+    }
+
+    if ($total_page > $end_page) $str .= '<a href="'.$url.($end_page+1).$add.'" class="pg_page pg_next">다음</a>'.PHP_EOL;
+
+    if ($cur_page < $total_page) {
+        $str .= '<a href="'.$url.$total_page.$add.'" class="pg_page pg_end">맨끝</a>'.PHP_EOL;
+    }
+
+    if ($str)
+        return "<nav class=\"pg_wrap\"><span class=\"pg\">{$str}</span></nav>";
+    else
+        return "";
+}
+
 if ( ! function_exists('array_overlap')) {
     function array_overlap($arr, $val) {
         for ($i=0, $m=count($arr); $i<$m; $i++) {
diff --git a/plugin/sms5/write_update.php b/plugin/sms5/write_update.php
index 735004fc7..ec105c3b0 100644
--- a/plugin/sms5/write_update.php
+++ b/plugin/sms5/write_update.php
@@ -91,6 +91,7 @@ if ($mh_by && $mh_bm && $mh_bd && $mh_bh && $mh_bi) {
 $SMS = new SMS5;
 $SMS->SMS_con($config['cf_icode_server_ip'], $config['cf_icode_id'], $config['cf_icode_pw'], $config['cf_icode_server_port']);
 
+$wr_message = str_replace('\r\n', PHP_EOL, $wr_message); // common.php 에서 mysql_real_escape_string 함수로 인해 수정
 $result = $SMS->Add($mh_hp, $mh_reply, '', '', $mh_message, $booking, $total);
 
 $is_success = null;