CVE-2023-36813

Published: 05/07/2023 Updated: 17/07/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Kanboard is project management software that focuses on the Kanban methodology. In versions before 1.2.31, an authenticated user is able to perform a SQL injection, leading to privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update or insert new information. Version 1.2.31 contains a fix for this issue.

Vulnerable Product

kanboard kanboard

Vendor Advisories

Debian Bug report logs - #1040265 CVE-2023-36813: Multiple Authenticated SQL Injections. Package: kanboard; Maintainer for kanboard is Joseph Nahmias <jello@debian.org>; Source for kanboard is src:kanboard (PTS, buildd, popcon). Reported by: Joseph Nahmias <joe@nahmias.net>. Date: Tue, 4 Jul 2023 00:36:01 UTC. Severity ...
Riccardo Bonafede discovered that the Kanboard project management software was susceptible to SQL injection. For the stable distribution (bookworm), this problem has been fixed in version 1.2.26+ds-2+deb12u2. We recommend that you upgrade your kanboard packages. For the detailed security status of kanboard please refer to its security tracker page ...