Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.
Max CVSS: 8.8
EPSS Score: 0.05%
Published: 2023-07-05
Updated: 2023-07-17
An authenticated standard user could reset the password of the admin by altering form data. Affects Kanboard before 1.0.46.
Max CVSS: 8.8
EPSS Score: 0.09%
Published: 2017-08-14
Updated: 2017-08-24
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects Kanboard before 1.0.46.
Max CVSS: 8.8
EPSS Score: 0.09%
Published: 2017-08-14
Updated: 2017-08-24
3 vulnerabilities found