2 matches found
CVE-2017-15205
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user...
CVE-2017-15205
The CVE-2017-15205 issue affects Kanboard prior to 1.0.47. An authenticated user can exploit a flaw by altering form data to download attachments from private projects belonging to other users. Root cause is inadequate validation of form data on attachment access, enabling vertical privilege esca...