Unrated severity · NVD Advisory · Published Jul 5, 2023 · Updated Feb 13, 2025

Kanboard Authenticated SQL Injections vulnerability

CVE-2023-36813

Description

Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.

Affected products

  • Kanboard/Kanboard: 2 versions
    • (no CPE) range: <1.2.31
    • (no CPE) range: < 1.2.31
