Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-51747 PoC — Kanboard 安全漏洞

Source
https://github.com/l20170217b/CVE-2024-51747
Associated Vulnerability
Title:Kanboard 安全漏洞 (CVE-2024-51747)
Description:Kanboard是Kanboard开源的一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.42之前版本存在安全漏洞,该漏洞源于经过身份验证的管理员可以从服务器读取和删除任意文件。
Readme
# CVE-2024-51747
Log in with an administrator account and download the database in the system settings
![2024-11-15_114806](https://github.com/user-attachments/assets/05843939-b0eb-45b0-9c7a-e5fba955c9f4)

Modify project_has_files in the sqlite.db database
![2024-11-15_115438](https://github.com/user-attachments/assets/aa7f2fd1-464f-418e-a50b-84cb9935566b)

Compress the modified sqlite.db with gzip and upload it. After uploading it to the project and clicking the file to view/download, the attacker can read and delete any file from the server.
![2024-11-15_115652](https://github.com/user-attachments/assets/c04a30af-7140-4193-a527-21d7d2691df4)
File Snapshot

 [4.0K]  /data/pocs/6fe1319c10a414fe0e43353b36c4b89b187d27e4
└── [ 652]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.