Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin
Vulnerability Description
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without filtering out the `role` field. An attacker who receives an invite link can inject `role=app-admin` in the registration form to create an administrator account. Version 1.2.51 fixes the issue.
CVSS Information
N/A
Vulnerability Type
CWE-915
Vulnerability Title
Kanboard 安全漏洞
Vulnerability Description
Kanboard是Kanboard开源的一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.51之前版本存在安全漏洞,该漏洞源于用户邀请注册端点未过滤role字段,可能导致攻击者注入role=app-admin参数创建管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A