CVE-2023-36813 - Unspecified vulnerability in Kanboard
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to privilege escalation or loss of confidentiality. In some insert and update operations, the code improperly uses the PicoDB library to update or insert new information. Version 1.2.31 contains a fix for this issue.
Vulnerable Configurations
References
- https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
- https://github.com/kanboard/kanboard/releases/tag/v1.2.31
- https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
- https://www.debian.org/security/2023/dsa-5454