PT-2024-8971 · Kanboard

Msatdt

Published: 2024-11-11 · Updated: 2024-11-18 · CVE-2024-51748

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.42
Description: The issue affects Kanboard, a project management application built around the Kanban methodology. An authenticated Kanboard administrator can execute arbitrary PHP code on the server because of a path traversal vulnerability: by uploading a modified sqlite.db file, the attacker controls the file path that the application later loads. The attacker must first be able to place a file named translations.php somewhere on the system, for example through an anonymous FTP server or another application that accepts file uploads. With that file in place, the attacker crafts a settings entry in the sqlite.db file that uses path traversal to point at the directory holding translations.php, and importing the crafted sqlite.db then results in code execution.
Recommendations: For versions prior to 1.2.42, upgrade to version 1.2.42 to mitigate the risk of exploitation. As a temporary workaround, restrict access to the translations.php file and disable any features that allow uploading files to the system until the upgrade is applied. Do not let the application language setting in the settings table load user interface languages from untrusted sources.
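The weakness described above is a locale value from a settings table being turned into a file path without validation. The PHP below is an added illustration, not Kanboard's own code, and it assumes a hypothetical layout of <baseDir>/<locale>/translations.php with a constructed allowlist of supported locales; it contrasts the unsafe concatenation pattern with a hardened version that combines an allowlist with a resolved-path boundary check before anything is handed to require.

```php
<?php
// Added example, not Kanboard's own code. Contrasts an unsafe way of turning a
// locale setting read from a settings table into a translation-file path with a
// hardened version that uses an allowlist plus a resolved-path boundary check.
// Assumed (hypothetical) layout: <baseDir>/<locale>/translations.php

declare(strict_types=1);

// Constructed allowlist of locales the application actually ships.
const SUPPORTED_LOCALES = ['en_US', 'fr_FR', 'de_DE'];

// Unsafe pattern: the setting is concatenated straight into the path, so a
// value containing "../" escapes the locale directory and can point at any
// translations.php that was placed elsewhere on the filesystem.
function translationPathUnsafe(string $baseDir, string $locale): string
{
    return $baseDir . '/' . $locale . '/translations.php';
}

// Hardened pattern: reject anything not on the allowlist, then confirm the
// resolved path still lies inside the locale directory before it is included.
function translationPathSafe(string $baseDir, string $locale): ?string
{
    if (!in_array($locale, SUPPORTED_LOCALES, true)) {
        return null;                       // unknown or malformed locale
    }
    $root = realpath($baseDir);
    $candidate = realpath($baseDir . '/' . $locale . '/translations.php');
    if ($root === false || $candidate === false) {
        return null;                       // directory or file does not exist
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside the locale tree
    }
    return $candidate;
}

// Build a throwaway locale tree so the demo runs offline (constructed data).
$baseDir = sys_get_temp_dir() . '/locales_demo_' . getmypid();
mkdir($baseDir . '/en_US', 0700, true);
file_put_contents($baseDir . '/en_US/translations.php', "<?php\nreturn ['Save' => 'Save'];\n");

// Constructed traversal-style value, standing in for a tampered settings row.
$fromSettingsTable = '../../../../tmp/uploaded';

echo translationPathUnsafe($baseDir, $fromSettingsTable), PHP_EOL;   // escapes $baseDir
var_dump(translationPathSafe($baseDir, $fromSettingsTable));         // rejected by the allowlist
var_dump(translationPathSafe($baseDir, 'en_US'));                    // stays inside $baseDir

// Only a path that passed the check is ever handed to require.
$safe = translationPathSafe($baseDir, 'en_US');
$strings = $safe !== null ? require $safe : [];
var_dump($strings['Save']);

// Clean up the constructed tree.
unlink($baseDir . '/en_US/translations.php');
rmdir($baseDir . '/en_US');
rmdir($baseDir);
```

The allowlist alone is sufficient for a fixed set of shipped locales; the realpath prefix check is kept as defence in depth so that a future change which derives the locale list from user-writable data still cannot reach outside the locale directory.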

Exploit · Fix

Weakness Enumeration: Path traversal

Related Identifiers: BDU:2024-10653, CVE-2024-51748, GHSA-JVFF-X577-J95P

Affected Products: Debian, Kanboard