PT-2026-26024 · Kanboard · Kanboard
Cydave · Published 2026-03-18 · Updated 2026-03-19
CVE-2026-33058
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Kanboard versions prior to 1.2.51
Description
Kanboard is project management software focused on the Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection issue: attackers with permission to add users to a project can exploit it to dump the entire Kanboard database. The injection point is the functionality for adding users to a project. Version 1.2.51 resolves this issue.
Recommendations
Versions prior to 1.2.51 should be updated to version 1.2.51 or later.
Exploit
Fix
SQL injection
Weakness Enumeration
Related identifiers
Affected products
Kanboard