CVE-2014-3920
Kanboard < 1.0.6 - Cross-Site Request Forgery via Administrative User Addition
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532619/100/0/threaded
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23217
Various Sources x_refsource_confirm
http://kanboard.net/news
Scores
EPSS
0.0069
EPSS Percentile
48.4%
Details
CWE
CWE-352
Status
published
Products (7)
kanboard/kanboard
1.0.0
kanboard/kanboard
1.0.1
kanboard/kanboard
1.0.2
kanboard/kanboard
1.0.3
kanboard/kanboard
1.0.4
kanboard/kanboard
1.0.5
kanboard/kanboard
< 1.0.6
Published
Jul 03, 2014
Tracked Since
Feb 18, 2026