diff --git a/adm/admin.head.php b/adm/admin.head.php
index bb78781cc..fc72857d2 100644
--- a/adm/admin.head.php
+++ b/adm/admin.head.php
@@ -87,6 +87,7 @@ if (!empty($_COOKIE['g5_admin_btn_gnb'])) {
 ?>
 
 <script>
+    var g5_admin_csrf_token_key = "<?php echo (function_exists('admin_csrf_token_key')) ? admin_csrf_token_key() : ''; ?>";
     var tempX = 0;
     var tempY = 0;
 
diff --git a/adm/admin.js b/adm/admin.js
index a013012ea..f6c0563c1 100644
--- a/adm/admin.js
+++ b/adm/admin.js
@@ -83,11 +83,13 @@ function delete_confirm2(msg)
 
 function get_ajax_token()
 {
-    var token = "";
+    var token = "",
+        admin_csrf_token_key = (typeof g5_admin_csrf_token_key !== "undefined") ? g5_admin_csrf_token_key : "";
 
     $.ajax({
         type: "POST",
         url: g5_admin_url+"/ajax.token.php",
+        data : {admin_csrf_token_key:admin_csrf_token_key},
         cache: false,
         async: false,
         dataType: "json",
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index 46c706378..728af6023 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -481,6 +481,18 @@ function check_admin_token()
     return true;
 }
 
+function admin_csrf_token_key($is_must=0){
+    global $member;
+
+    $key = '';
+
+    if($is_must || !((isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'))){
+        $key = md5((isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '').(defined('G5_TOKEN_ENCRYPTION_KEY') ? G5_TOKEN_ENCRYPTION_KEY : '').$member['mb_id'].$_SERVER['DOCUMENT_ROOT']);
+    }
+
+    return run_replace('admin_csrf_token_key', $key, $is_must);
+}
+
 // 관리자 페이지 referer 체크
 function admin_referer_check($return = false)
 {
diff --git a/adm/ajax.token.php b/adm/ajax.token.php
index 2e678cfaf..fa0cbcb24 100644
--- a/adm/ajax.token.php
+++ b/adm/ajax.token.php
@@ -3,6 +3,12 @@ require_once './_common.php';
 
 set_session('ss_admin_token', '');
 
+$admin_csrf_token_key = isset($_POST['admin_csrf_token_key']) ? $_POST['admin_csrf_token_key'] : '';
+
+if(function_exists('admin_csrf_token_key') && $admin_csrf_token_key !== admin_csrf_token_key(1)){
+    die(json_encode(array('error' => '토큰키 에러!', 'url' => G5_URL)));
+}
+
 $error = admin_referer_check(true);
 if ($error) {
     die(json_encode(array('error' => $error, 'url' => G5_URL)));
diff --git a/adm/board_copy.php b/adm/board_copy.php
index ccf0ba075..39a1de815 100644
--- a/adm/board_copy.php
+++ b/adm/board_copy.php
@@ -7,12 +7,13 @@ auth_check_menu($auth, $sub_menu, 'w');
 $g5['title'] = '게시판 복사';
 require_once G5_PATH . '/head.sub.php';
 
-$bo_table = $_REQUEST['bo_table'];
 if (empty($bo_table)) {
     alert_close("정상적인 방법으로 이용해주세요.");
 }
 ?>
-
+<script>
+    var g5_admin_csrf_token_key = "<?php echo (function_exists('admin_csrf_token_key')) ? admin_csrf_token_key() : ''; ?>";
+</script>
 <script src="<?php echo G5_ADMIN_URL ?>/admin.js?ver=<?php echo G5_JS_VER; ?>"></script>
 
 <div class="new_win">
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index 21c153c0a..3a3a81675 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@@ -89,10 +89,10 @@ $sql = " insert into {$g5['board_table']}
                 bo_new = '{$board['bo_new']}',
                 bo_hot = '{$board['bo_hot']}',
                 bo_image_width = '{$board['bo_image_width']}',
-                bo_skin = '{$board['bo_skin']}',
-                bo_mobile_skin = '{$board['bo_mobile_skin']}',
-                bo_include_head = '{$board['bo_include_head']}',
-                bo_include_tail = '{$board['bo_include_tail']}',
+                bo_skin = '" . sql_real_escape_string($board['bo_skin']). "',
+                bo_mobile_skin = '" . sql_real_escape_string($board['bo_mobile_skin']). "',
+                bo_include_head = '" . sql_real_escape_string($board['bo_include_head']). "',
+                bo_include_tail = '" . sql_real_escape_string($board['bo_include_tail']). "',
                 bo_content_head = '" . addslashes($board['bo_content_head']) . "',
                 bo_content_tail = '" . addslashes($board['bo_content_tail']) . "',
                 bo_mobile_content_head = '" . addslashes($board['bo_mobile_content_head']) . "',
diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index df676fa11..b1c9af12d 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -161,6 +161,10 @@ $bo_comment_min = isset($_POST['bo_comment_min']) ? (int) $_POST['bo_comment_min
 $bo_comment_max = isset($_POST['bo_comment_max']) ? (int) $_POST['bo_comment_max'] : 0;
 $bo_sort_field = isset($_POST['bo_sort_field']) ? clean_xss_tags($_POST['bo_sort_field'], 1, 1) : '';
 
+if (strpbrk($bo_skin.$bo_mobile_skin, "?%*:|\"<>") !== false) {
+    alert('스킨 디렉토리명 오류!');
+}
+
 $etcs = array();
 
 for ($i = 1; $i <= 10; $i++) {
diff --git a/extend/version.extend.php b/extend/version.extend.php
index 169d970ab..682640d54 100644
--- a/extend/version.extend.php
+++ b/extend/version.extend.php
@@ -2,7 +2,7 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
 // 자바스크립트와 CSS 파일을 새로 다운로드 하도록 파일의 끝에 년월일 지정
-// 예) https://도메인/css/default.css?ver=210618
-// 예) https://도메인/js/common.js?ver=210618
-define('G5_CSS_VER', '210618');
-define('G5_JS_VER',  '210618');
+// 예) https://도메인/css/default.css?ver=220620
+// 예) https://도메인/js/common.js?ver=220620
+define('G5_CSS_VER', '220620');
+define('G5_JS_VER',  '220620');
diff --git a/mobile/shop/orderaddress.php b/mobile/shop/orderaddress.php
index 66a28767e..e4fb04099 100644
--- a/mobile/shop/orderaddress.php
+++ b/mobile/shop/orderaddress.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$order_action_url = G5_HTTPS_SHOP_URL.'/orderaddressupdate.php';
+
 // 테마에 orderaddress.php 있으면 include
 if(defined('G5_THEME_MSHOP_PATH')) {
     $theme_orderaddress_file = G5_THEME_MSHOP_PATH.'/orderaddress.php';
