5 matches found
CVE-2024-36399
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users t...
CVE-2017-12850
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2017-12851
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVE-2023-36813
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly u...
CVE-2025-52560
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to...