diff --git a/adm/sms_admin/history_send.php b/adm/sms_admin/history_send.php
index 5f6b468b7..a28d981fe 100644
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@@ -67,7 +67,7 @@ if ($result)
 if ($result) //SMS 서버에 접속했습니다.
 {
- sql_query("insert into {$g5['sms5_write_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', wr_reply='{$write['wr_reply']}', wr_message='{$write['wr_message']}', wr_total='$wr_total', wr_datetime='".G5_TIME_YMDHIS."'");
+ sql_query("insert into {$g5['sms5_write_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', wr_reply='".addslashes($write['wr_reply'])."', wr_message='".addslashes($write['wr_message'])."', wr_total='$wr_total', wr_datetime='".G5_TIME_YMDHIS."'");
 $wr_success = 0;
 $wr_failure = 0;
diff --git a/adm/sms_admin/sms_write.php b/adm/sms_admin/sms_write.php
index ee98ee8b4..89ec40562 100644
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@@ -238,6 +238,8 @@ function sms5_chk_send(f)
 var hp_list = document.getElementById('hp_list');
 var wr_message = document.getElementById('wr_message');
 var hp_number = document.getElementById('hp_number');
+ var wr_reply = document.getElementById('wr_reply');
+ var wr_reply_regExp = /^[0-9\-]+$/;
 var list = '';
 if (!wr_message.value) {
@@ -246,7 +248,12 @@ function sms5_chk_send(f)
 is_sms5_submitted = false;
 return false;
 }
-
+ if( !wr_reply_regExp.test(wr_reply.value) ){ alert('회신번호 형식이 잘못 되었습니다.'); wr_reply.focus(); is_sms5_submitted = false; return false;
+ }
 if (hp_list.length < 1) {
 alert('받는 사람을 입력해주세요.');
 hp_number.focus();
diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php
index c59301258..45646ffec 100644
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
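Review bot: `addslashes()` is not a database-aware escape for the two `$write` values in the new `sql_query()` string; it ignores the connection charset and does not cover everything a driver escape does, so the change narrows the injection surface rather than closing it. The other values interpolated on the same line, `$wr_no`, `$new_wr_renum` and `$wr_total`, are still inserted raw; their origin is outside the hunk, so if any of them derives from request input it needs the same treatment. Prefer the driver-backed escape (`mysqli_real_escape_string()` on the active connection, or whatever helper the rest of the codebase uses for string-built queries) in place of `addslashes(...)` for both fields, or a parameterised statement. The enclosing `if ($result)` block continues past the end of the hunk.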
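Review bot: `/^[0-9\-]+$/` still accepts a reply number made only of hyphens such as `---`, because the class allows `-` and nothing in the pattern requires a digit, so the new `alert(...)` never fires and the form is submitted. A pattern that requires digits and treats hyphens as separators, `var wr_reply_regExp = /^[0-9]+(-[0-9]+)*$/;`, closes that gap. This is a client-side check only and is bypassed by posting directly, so the server-side validation in sms_write_send.php remains the control that matters. `sms5_chk_send` starts before this hunk and continues after it.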
@@ -6,10 +6,13 @@ auth_check($auth[$sub_menu], "w");
 $g5['title'] = "문자전송중";
-if (!trim($wr_reply))
- win_close_alert('회신 번호를 입력해주세요.');
+$wr_reply = preg_replace('#[^0-9\-]#', '', trim($wr_reply));
+$wr_message = clean_xss_tags(trim($wr_message));
-if (!trim($wr_message))
+if (!$wr_reply)
+ win_close_alert('회신 번호를 숫자, - 로 입력해주세요.');
+
+if (!$wr_message)
 win_close_alert('메세지를 입력해주세요.');
 if (!trim($send_list))
diff --git a/plugin/sms5/write_update.php b/plugin/sms5/write_update.php
index a25e50b7b..6db482697 100644
--- a/plugin/sms5/write_update.php
+++ b/plugin/sms5/write_update.php
@@ -15,10 +15,13 @@ if (!$is_member)
 if ($member['mb_level'] < $sms5['cf_level'])
 alert("회원 {$sms5['cf_level']}레벨 이상만 문자전송이 가능합니다.");
-if (!trim($mh_reply))
+$mh_reply = preg_replace('#[^0-9\-]#', '', trim($mh_reply));
+$mh_message = clean_xss_tags(trim($mh_message));
+
+if (!$mh_reply)
 alert('보내는 번호를 입력해주세요.');
-if (!trim($mh_message))
+if (!$mh_message)
 alert('메세지를 입력해주세요.');
 if ($is_admin != 'super')
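Review bot: After `preg_replace('#[^0-9\-]#', '', trim($wr_reply))` an input of only hyphens, or letters plus a hyphen such as `abc-`, reduces to `-`, which is truthy, so `if (!$wr_reply)` does not reject it and a reply number with no digits goes on to the gateway. Requiring at least one digit, `if (!preg_match('/^[0-9]+(-[0-9]+)*$/', $wr_reply))`, matches the new alert text and also covers the empty case (and avoids `!$wr_reply` treating the string `"0"` as empty). The digit/hyphen allow-list does make `$wr_reply` safe to interpolate into SQL, but `clean_xss_tags()` is an output-oriented filter and does not make `$wr_message` SQL-safe; wherever it is later written to the database (outside this hunk) it still needs the driver escape.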
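Review bot: The alert on the new `if (!$mh_reply)` still reads `'보내는 번호를 입력해주세요.'` (please enter a sender number), but the condition now fires after non-digit characters have been stripped, so a member who typed letters is told they entered nothing; the admin counterpart in sms_write_send.php was updated to mention digits and `-`, and this message should match it. The same hyphen-only gap exists here: `preg_replace('#[^0-9\-]#', '', ...)` leaves `-` for an input like `abc-`, which passes `!$mh_reply`; `if (!preg_match('/^[0-9]+(-[0-9]+)*$/', $mh_reply))` would reject it. This is the member-facing path (only `$sms5['cf_level']` gates it), so it is the one most exposed to untrusted input, and the normalisation is now copy-pasted between the two files; a single helper in the sms5 plugin would keep the two checks from drifting.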