CVE-2023-36813

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 5, 2023

Updated: Jul 17, 2023

CWE ID 89

Summary

CVE-2023-36813 is a vulnerability affecting the Kanboard project management software. In versions prior to 1.2.31, an authenticated user can execute SQL Injections during certain insert and update operations. This vulnerability can result in privilege escalation or confidentiality loss. The issue stems from the PicoDB library being used improperly in the software's update and insert functions. Version 1.2.31 includes a fix for this weakness.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Kanboard

Affected Vendors

Kanboard

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzcWwL
https://www.cve.org/CVERecord?id=CVE-2023-36813
https://nvd.nist.gov/vuln/detail/CVE-2023-36813

Back to Vulnerability Database