Picodb · CVE-2023-36813
**Name of the Vulnerable Software and Affected Versions**
Kanboard versions prior to 1.2.31
**Description**
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user can perform a SQL injection, leading to privilege escalation or loss of confidentiality. The cause appears to be that some insert and update operations use the PicoDB library improperly when writing new or updated data.
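The advisory does not say which operations or fields were affected. As an added illustration (not code from Kanboard or PicoDB), the PHP below sketches the pattern the description points at, an ORM update call fed an unfiltered user-supplied array, beside an allowlisted form; the PicoDB calls `table()`, `eq()` and `update()`, the `tasks` table and the column names are assumptions.

```php
<?php
// Added illustration, not Kanboard or PicoDB code. Assumes the PicoDB API
// $db->table(...)->eq(...)->update(array), where the keys of the associative
// array become column names in the generated SQL and the values are bound
// as parameters. The safeguard: user input may supply column *values* but
// must never be allowed to choose column *names*.

use PicoDb\Database;

// Columns a caller is permitted to change through this code path (allowlist).
const TASK_UPDATABLE_COLUMNS = ['title', 'description', 'color_id', 'column_id'];

/**
 * Keep only allowlisted keys from a user-supplied associative array.
 * Unknown keys are dropped rather than forwarded, so a caller-chosen key
 * can never reach the SQL generator as an identifier.
 */
function filterUpdatableColumns(array $input, array $allowed): array
{
    return array_intersect_key($input, array_flip($allowed));
}

/**
 * Hypothetical model method in the style of a Kanboard model.
 * Risky shape: forwarding $values straight from the request (for example
 * decoded API parameters) lets the caller pick the keys of the SET clause.
 */
function updateTaskUnsafe(Database $db, int $taskId, array $values): bool
{
    return $db->table('tasks')->eq('id', $taskId)->update($values);
}

/**
 * Hardened shape: column names come from the fixed allowlist; the user
 * controls only the values, which the library binds as parameters.
 */
function updateTaskSafe(Database $db, int $taskId, array $values): bool
{
    $values = filterUpdatableColumns($values, TASK_UPDATABLE_COLUMNS);
    if ($values === []) {
        return false; // nothing legitimate left to change
    }
    return $db->table('tasks')->eq('id', $taskId)->update($values);
}
```

The same filtering applies to insert calls; a code review of a PicoDB-based application should check every `insert()`/`update()` whose array originates, even partly, from request data.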
**Recommendations**
For versions prior to 1.2.31, update to version 1.2.31 to resolve the issue. As a temporary workaround, restrict access to the PicoDB library until the update can be applied, and avoid using the vulnerable insert and update operations in the affected code until the issue is resolved.