CVE-2024-51747

Summary

CVE-2024-51747 is a vulnerability affecting Kanboard, a project management software that utilizes the Kanban methodology. An authenticated admin user can exploit a path traversal issue in the SQLite database, allowing them to read and delete arbitrary files on the server. This vulnerability arises due to the way file attachments are resolved in the `project_has_files` database table. An attacker can manipulate file links through a modified SQLite database, which can be uploaded using a dedicated feature. Once the malicious database is uploaded and a project page is accessed, an administrator may unintentionally download affected files. The vulnerability has been addressed in version 1.2.42, and users are strongly advised to upgrade as soon as possible. At present, there are no known workarounds for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.