diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index 7b5125e8c..0ab44f72c 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -477,7 +477,7 @@ function admin_check_xss_params($params){
             if( is_array($value) ){
                 admin_check_xss_params($value);
-            } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
+            } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value)) ){
                 alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
                 die();
             }
diff --git a/adm/board_list_update.php b/adm/board_list_update.php
index 90a1c5d33..a7f358c1f 100644
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
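Review bot: The new pattern `'/[onload|onerror]=.*/ius'` is a character class, not an alternation: it matches any single character from the set `o n l a d | e r` followed by `=`, so a value that contains a tag plus something as ordinary as `title=` or `name=` trips the check and the request is terminated by `die()`, while the intended handler names are only matched incidentally via their last letter. Replace it with a group, `preg_match('/(?:onload|onerror)=/ius', $value)`; the trailing `.*` adds nothing to a boolean match and can go. The enclosing `foreach` of `admin_check_xss_params` starts outside the hunk.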
@@ -30,18 +30,18 @@ if ($_POST['act_button'] == "선택수정") {
         }
         $sql = " update {$g5['board_table']}
-                    set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."',
-                        bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."',
-                        bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."',
-                        bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."',
-                        bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."',
-                        bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."',
-                        bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."',
-                        bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."',
-                        bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."',
-                        bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."',
-                        bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."',
-                        bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."'
+                    set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
+                        bo_subject = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."',
+                        bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
+                        bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
+                        bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
+                        bo_read_point = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
+                        bo_write_point = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
+                        bo_comment_point = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
+                        bo_download_point = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
+                        bo_use_search = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
+                        bo_use_sns = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
+                        bo_order =
'".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."' where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' "; sql_query($sql); diff --git a/adm/config_form.php b/adm/config_form.php index 1193a7b7f..738e0cdea 100644 --- a/adm/config_form.php +++ b/adm/config_form.php @@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - + diff --git a/adm/config_form_update.php b/adm/config_form_update.php index 533782c7a..f8ebc22fa 100644 --- a/adm/config_form_update.php +++ b/adm/config_form_update.php @@ -28,7 +28,7 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_title'] = strip_tags($_POST['cf_title']); -$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key'); +$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret'); foreach( $check_keys as $key ){ if ( isset($_POST[$key]) && $_POST[$key] ){ diff --git a/adm/contentform.php b/adm/contentform.php index 6217e4603..4abe574d9 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -86,11 +86,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); 내용 - + 모바일 내용 - + @@ -104,6 +104,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); + diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php index 69f82f0b0..d9c699b57 100644 --- a/adm/contentformupdate.php +++ b/adm/contentformupdate.php 
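Review bot: Wrapping every column in `strip_tags()` treats all twelve values as free text, but the point and order columns (`bo_read_point`, `bo_write_point`, `bo_comment_point`, `bo_download_point`, `bo_order`) are numeric by name and should be normalised with a cast rather than tag stripping, e.g. `bo_read_point = '".(int) $_POST['bo_read_point'][$k]."',`; a cast rejects every non-numeric payload instead of only angle brackets. `strip_tags()` is also not an output-escaping step, so the display side still needs its own encoding for `bo_subject` and the skin names. The `where bo_table = ...` clause keeps the old `sql_real_escape_string` only, which is inconsistent with the treatment the commit gives the other fields in the same statement; the `foreach` that defines `$k` starts outside the hunk.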
@@ -24,6 +24,7 @@ $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
 $co_subject = strip_tags($co_subject);
 $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
 $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
+$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
 // 관리자가 자동등록방지를 사용해야 할 경우
 if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
diff --git a/adm/css/admin.css b/adm/css/admin.css
index 2f6e6e11c..1b0daa7a6 100644
--- a/adm/css/admin.css
+++ b/adm/css/admin.css
@@ -406,8 +406,8 @@ tfoot th {}
 #anc_bo_extra label {display:inline-block;width:100px}
 #anc_bo_extra input {margin-right:10px}
-/* 게시판 여분필드 값 input style 로빈아빠님 제안 */
-#anc_bo_extra input.extra-value-input {width:calc(100% - 370px);}
+/* 환경설정 및 게시판 여분필드 값 input style 로빈아빠님 제안 */
+#anc_bo_extra input.extra-value-input, #anc_cf_extra input.extra-value-input{width:calc(100% - 370px);}
 /* 접속자집계 목록 */
 .tbl_visit_list td {text-align:center}
diff --git a/adm/member_form_update.php b/adm/member_form_update.php
index 01975c8ec..c6791d254 100644
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
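Review bot: `$co_tag_filter_use` is cast with `(int)` but not clamped, so any integer the admin form posts is stored as-is even though the name and the `: 1` default suggest a boolean switch; normalising to `0`/`1` at the boundary, `$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) (bool) $_POST['co_tag_filter_use'] : 1;`, keeps later `== 1` / truthiness checks from disagreeing. The fallback of `1` when the key is absent also means that if the form control were a checkbox (the form hunk in this commit is not legible here), an unchecked box would post nothing and the filter could never be switched off — worth confirming against `contentform.php`. Where the variable is consumed lies outside the hunk.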
@@ -120,6 +120,28 @@ else if ($w == 'u') if ($row['mb_id']) alert('이미 존재하는 이메일입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); + if ($mb_password) + $sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' "; + else + $sql_password = ""; + + if ($passive_certify) + $sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' "; + else + $sql_certify = ""; + + $sql = " update {$g5['member_table']} + set {$sql_common} + {$sql_password} + {$sql_certify} + where mb_id = '{$mb_id}' "; + sql_query($sql); +} +else + alert('제대로 된 값이 넘어오지 않았습니다.'); + +if( $w == '' || $w == 'u' ){ + $mb_dir = substr($mb_id,0,2); // 회원 아이콘 삭제 @@ -212,26 +234,7 @@ else if ($w == 'u') } } } - - if ($mb_password) - $sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' "; - else - $sql_password = ""; - - if ($passive_certify) - $sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' "; - else - $sql_certify = ""; - - $sql = " update {$g5['member_table']} - set {$sql_common} - {$sql_password} - {$sql_certify} - where mb_id = '{$mb_id}' "; - sql_query($sql); } -else - alert('제대로 된 값이 넘어오지 않았습니다.'); goto_url('./member_form.php?'.$qstr.'&w=u&mb_id='.$mb_id, false); ?> \ No newline at end of file diff --git a/adm/menu_list.php b/adm/menu_list.php index 4a6c25127..4ff7db524 100644 --- a/adm/menu_list.php +++ b/adm/menu_list.php @@ -76,7 +76,7 @@ $colspan = 7; - + diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index 3aaf18b11..a91b4897f 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php 
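Review bot: The relocated UPDATE keeps `where mb_id = '{$mb_id}'` with the identifier interpolated raw, while `$sql_password` in the same block goes through `get_encrypt_string()`; the move is a good moment to escape it as the rest of this file does, `where mb_id = '".sql_real_escape_string($mb_id)."' "`. Presumably `$mb_id` is validated earlier in the script (that code is outside both hunks), but the query should not depend on it. Note also that the new `if( $w == '' || $w == 'u' ){` opened at the end of the first hunk is only closed by the `}` retained in the second hunk, so the icon-deletion code between the hunks now runs for both the insert and update paths, and only after the `alert(...)` for an unknown `$w` has been reached — confirm that `alert()` terminates, otherwise `$mb_dir` is derived from an unvalidated `$mb_id` on that path too.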
@@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++) { $_POST = array_map_deep('trim', $_POST); - $code = $_POST['code'][$i]; - $me_name = $_POST['me_name'][$i]; + $code = strip_tags($_POST['code'][$i]); + $me_name = strip_tags($_POST['me_name'][$i]); $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]); if(!$code || !$me_name || !$me_link) @@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++) set me_code = '$me_code', me_name = '$me_name', me_link = '$me_link', - me_target = '{$_POST['me_target'][$i]}', - me_order = '{$_POST['me_order'][$i]}', - me_use = '{$_POST['me_use'][$i]}', - me_mobile_use = '{$_POST['me_mobile_use'][$i]}' "; + me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."', + me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."', + me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."', + me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' "; sql_query($sql); } diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php index 498d7fe03..43e144fa4 100644 --- a/adm/sms_admin/history_view.php +++ b/adm/sms_admin/history_view.php @@ -131,22 +131,22 @@ function all_send() - - + + 수정 - + - +
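Review bot: The second hunk now escapes `me_target`, `me_order`, `me_use` and `me_mobile_use` with `sql_real_escape_string()`, but the same statement still interpolates `'$me_name'` and `'$me_link'` directly, and the first hunk only applies `strip_tags()` to `$me_name` — unless an escaping step exists in the lines between the two hunks (not shown), one statement ends up with two different levels of protection. Escaping at the assignment keeps it in one place: `$me_name = sql_real_escape_string(strip_tags($_POST['me_name'][$i]));` in the first hunk, and the same for `$me_link` after its `javascript:` check. `me_order` is a sort position by name and would be better normalised with `(int)` than with `strip_tags()`. The `for` loop enclosing both hunks starts and ends outside them.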

관리자 아이디는 영문자, 숫자, _ 만 입력하세요.

뒤로가기
'); +} + $dblink = sql_connect($mysql_host, $mysql_user, $mysql_pass, $mysql_db); if (!$dblink) { ?> diff --git a/lib/common.lib.php b/lib/common.lib.php index a82bd6ea9..ab7431959 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2752,6 +2752,11 @@ function module_exec_check($exe, $type) } else { // 바이너리 파일인지 if($is_linux) { + + if ( !function_exists('exec') ) { + alert('exec 함수실행이 불가능하므로 사용할수 없습니다.'); + } + $search = false; $isbinary = true; $executable = true; @@ -3431,7 +3436,7 @@ function get_head_title($title){ global $g5; if( isset($g5['board_title']) && $g5['board_title'] ){ - $title = $g5['board_title']; + $title = strip_tags(get_text($g5['board_title'])); } return $title; @@ -3562,7 +3567,7 @@ function is_include_path_check($path='', $is_input='') if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){ return false; } - if( preg_match('/\.\.\//i', $replace_path) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){ + if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){ return false; } } diff --git a/plugin/okname/hpcert1.php b/plugin/okname/hpcert1.php index 45c64bd8f..d81aaeb73 100644 --- a/plugin/okname/hpcert1.php +++ b/plugin/okname/hpcert1.php @@ -1,8 +1,14 @@ Data = ""; // 발송하기 위한 패킷내용이 배열로 들어간다. - $this->Result = ""; // 발송결과값이 배열로 들어간다. + $this->Data = array(); // 발송하기 위한 패킷내용이 배열로 들어간다. + $this->Result = array(); // 발송결과값이 배열로 들어간다. } function Add($strDest, $strCallBack, $strCaller, $strSubject, $strURL, $strData, $strDate="", $nCount) { @@ -260,7 +260,7 @@ if($config['cf_sms_type'] == 'LMS') { $this->Result[] = "$phone:$code"; $this->Log[] = $puts; } - $this->Data = ""; + $this->Data = array(); return true; exit; } 
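Review bot: In `module_exec_check` the added `if ( !function_exists('exec') )` guard only calls `alert(...)` and then falls through to `$search = false; $isbinary = true; $executable = true;` and whatever follows; if `alert()` does not itself terminate the request (its body is not in this diff), the function proceeds exactly as before the guard. Make the abort explicit with a return of whatever this branch normally yields on failure right after the `alert()` call, so the behaviour does not hinge on a helper's side effect. The enclosing `else` branch starts and ends outside the hunk.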
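Review bot: In `get_head_title` the new `strip_tags(get_text($g5['board_title']))` applies the two functions in an order that makes one of them idle: if `get_text()` entity-encodes `<` and `>` (as its use elsewhere in the codebase suggests — confirm), no tag survives for `strip_tags()` to remove, and if it does not, encoding after stripping is the conventional order anyway. Prefer `get_text(strip_tags($g5['board_title']))`, and check whether the caller echoes the result through another encoding step, since encoding twice shows `&amp;lt;` in the title bar. The same construct is added twice in `theme/basic/head.sub.php` for `$g5['title']` and `$g5_head_title`.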
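Review bot: In `is_include_path_check` the new alternative `preg_match('/^\/.*/i', $replace_path)` only needs `'/^\//'` — the `.*` and the `i` flag are inert — but the larger point is that both the traversal test and this absolute-path test are still ANDed with `plugin\/` and `okname\/`, so the rejection only ever fires for paths under that one plugin. If the function is meant as a general guard for included paths, the traversal and leading-slash conditions should be evaluated before the plugin-specific narrowing rather than inside it; if the narrowing is deliberate, a one-line comment saying why only `okname` is covered would stop the next reader from treating it as a bug. The function's earlier checks and its return live outside the hunk.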
@@ -284,7 +284,7 @@ if($config['cf_sms_type'] == 'LMS') { } fclose($fsocket); - $this->Data = ""; + $this->Data = array(); return true; } } @@ -431,7 +431,7 @@ if($config['cf_sms_type'] == 'LMS') { $this->Result[] = "$phone:$code"; $this->Log[] = $puts; } - $this->Data = ""; + $this->Data = array(); return true; exit; } @@ -463,7 +463,7 @@ if($config['cf_sms_type'] == 'LMS') { if ($count++%1000 == 0) sleep(5); } fclose($fsocket); - $this->Data = ""; + $this->Data = array(); return true; } } diff --git a/plugin/syndi/ping.php b/plugin/syndi/ping.php index fe5610c01..ff869b876 100644 --- a/plugin/syndi/ping.php +++ b/plugin/syndi/ping.php @@ -29,7 +29,7 @@ $feed_updated = date('Y-m-d\TH:i:s\+09:00', G5_SERVER_TIME); $find = array('&', ' '); # 찾아서 $replace = array('&', ' '); # 바꾼다 -$content = str_replace( $find, $replace, $write['wr_content'] ); +$content = str_replace( $find, $replace, html_purifier($write['wr_content']) ); $summary = str_replace( $find, $replace, strip_tags($write['wr_content']) ); Header("Content-type: text/xml"); diff --git a/skin/board/gallery/list.skin.php b/skin/board/gallery/list.skin.php index 36b32bfbe..3ce791234 100644 --- a/skin/board/gallery/list.skin.php +++ b/skin/board/gallery/list.skin.php @@ -128,7 +128,7 @@ add_stylesheet('', 0
- 작성자 + 작성자
조회 diff --git a/skin/latest/basic/latest.skin.php b/skin/latest/basic/latest.skin.php index 1c1a60698..cd7d11efd 100644 --- a/skin/latest/basic/latest.skin.php +++ b/skin/latest/basic/latest.skin.php @@ -3,7 +3,6 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨 add_stylesheet('', 0); -add_javascript('', 10); ?>
diff --git a/theme/basic/head.sub.php b/theme/basic/head.sub.php index 234630e7e..33de09108 100644 --- a/theme/basic/head.sub.php +++ b/theme/basic/head.sub.php @@ -13,6 +13,9 @@ else { $g5_head_title .= " | ".$config['cf_title']; } +$g5['title'] = strip_tags(get_text($g5['title'])); +$g5_head_title = strip_tags(get_text($g5_head_title)); + // 현재 접속자 // 게시판 제목에 ' 포함되면 오류 발생 $g5['lo_location'] = addslashes($g5['title']); diff --git a/theme/basic/skin/board/gallery/list.skin.php b/theme/basic/skin/board/gallery/list.skin.php index 3795ce0c6..3ce791234 100644 --- a/theme/basic/skin/board/gallery/list.skin.php +++ b/theme/basic/skin/board/gallery/list.skin.php @@ -128,7 +128,7 @@ add_stylesheet('', 0
- 작성자 + 작성자
조회