CNNVD-202508-1071 Information
CNNVD ID
CNNVD-202508-1071
Related CVE
-
CNNVD Published: 2025-08-12
Description (Chinese)
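Kanboard is an open-source visual task board software from Kanboard. The software can customize boards according to business needs. Versions of Kanboard before 1.2.47 contain a security vulnerability that stems from the API not validating the task_id parameter and not checking for path traversal, which may lead to arbitrary file write.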
Description (English)
Kanboard is an open-source visual task board software from Kanboard. The software can customize boards according to business needs. Versions of Kanboard before 1.2.47 contain a security vulnerability: the API does not validate the task_id parameter and does not check for path traversal, which could lead to arbitrary file write.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Kanboard
Published
2025-08-12
Last Modified
2026-02-24
References
https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57
https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681
https://nvd.nist.gov/vuln/detail/CVE-2025-55011
Patch
https://github.com/kanboard/kanboard/releases