CVE-2023-36813

Name of the Vulnerable Software and Affected Versions Kanboard versions prior to 1.2.31

Description Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information.

Recommendations For versions prior to 1.2.31, update to version 1.2.31 to resolve the issue. As a temporary workaround, consider restricting access to the PicoDB library until a patch is available. Avoid using the vulnerable insert and update operations in the affected code until the issue is resolved.