Platform
php
Component
kanboard
Fixed in
1.2.42
CVE-2024-51748 is a critical Remote Code Execution (RCE) vulnerability in Kanboard, a project management application built around the Kanban methodology. An authenticated Kanboard administrator can execute arbitrary PHP code on the server: the configured user-interface language is converted into a filesystem path whose translations.php is then included. Combined with any way of writing a file to the server, this lets an attacker have PHP code from an uploaded file included, provided the file is saved under that specific name. The vulnerability affects Kanboard versions before 1.2.42; the fix shipped in version 1.2.42.
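The bug class described above, as an added illustrative example written for this page (it is not Kanboard's code; the directory layout, function names and the locale-code format are assumptions): a language value flows straight into an include path, beside a hardened version that only accepts exact members of an allowlist built from the shipped locale directories.

```php
<?php
// Added example, not Kanboard's own code. Demonstrates the bug class behind
// CVE-2024-51748: a user-controlled language string is turned into a path and
// included. LOCALE_DIR, the function names and the locale format are assumptions.
declare(strict_types=1);

const LOCALE_DIR = __DIR__ . '/app/Locale';   // assumed layout: app/Locale/<lang>/translations.php

// VULNERABLE: the caller's string becomes part of the include path unchecked.
// A value like "../../data/files/x" points include() at a translations.php
// the attacker managed to write elsewhere, and its PHP runs as the web server.
function loadTranslationsUnsafe(string $language): array
{
    $file = LOCALE_DIR . '/' . $language . '/translations.php';
    $data = is_file($file) ? require $file : [];
    return is_array($data) ? $data : [];
}

// Allowlist built from what actually ships in the locale directory.
function availableLanguages(): array
{
    $langs = [];
    foreach (glob(LOCALE_DIR . '/*', GLOB_ONLYDIR) ?: [] as $dir) {
        $langs[basename($dir)] = true;
    }
    return $langs;
}

// HARDENED: reject anything that is not syntactically a locale code, then
// anything not present in the allowlist (exact, case-sensitive key lookup).
// The path is still built only from the validated value.
function loadTranslationsSafe(string $language): array
{
    if (preg_match('/\A[a-z]{2}_[A-Z]{2}\z/', $language) !== 1) {
        throw new InvalidArgumentException('Malformed language code: ' . json_encode($language));
    }
    if (!isset(availableLanguages()[$language])) {
        throw new InvalidArgumentException('Unknown language: ' . $language);
    }
    $file = LOCALE_DIR . '/' . $language . '/translations.php';
    $data = is_file($file) ? require $file : [];
    return is_array($data) ? $data : [];
}

// Constructed inputs: a legitimate code, a traversal attempt, a null-byte trick.
foreach (['fr_FR', '../../data/files/evil', "en_US\0"] as $candidate) {
    try {
        loadTranslationsSafe($candidate);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The two checks are deliberately separate: the regular expression stops traversal sequences, separators and null bytes before any filesystem call is made, and the allowlist lookup stops well-formed but unknown codes. Denylisting ".." alone would not be enough, because the attacker controls the whole string.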
The impact of CVE-2024-51748 is severe. An attacker who exploits it executes arbitrary PHP code on the Kanboard server with the privileges of the web server process; a Kanboard administrator account is the precondition, not the resulting privilege level. This can lead to full server compromise, including data exfiltration, malware installation and denial of service. Getting a file named translations.php written to the server is a modest barrier for anyone familiar with PHP and web applications; the main barrier is obtaining an administrator account. Successful exploitation lets the attacker modify the database, steal sensitive project data, or pivot to other systems on the network.
CVE-2024-51748 was publicly disclosed on November 11, 2024. No active exploitation campaigns have been publicly confirmed, and the vulnerability is not listed in the CISA KEV catalog. Exploitation is straightforward once an attacker holds an administrator account, so public proof-of-concept code is likely to appear; the EPSS score shown on this page (0.61%, 70th percentile) reflects that the admin-credential requirement keeps the likelihood of broad exploitation moderate rather than high.
Organizations running Kanboard for project management are at risk, particularly where administrator accounts are not adequately secured (weak or reused passwords, no two-factor authentication, too many admins). Shared or multi-team instances are at increased risk as well: a compromised administrator account, or a lower-privileged account that gains admin rights through some other weakness, is enough to exploit this vulnerability.
• Examine Kanboard and web server logs for uploads or writes of PHP files, especially anything named translations.php.
• Run find /var/www/kanboard/ -name translations.php -type f -not -path '*/app/Locale/*' to locate translations.php files outside the shipped locale directory (adjust the path to your installation; the legitimate files live only under app/Locale/<lang>/).
• Monitor web server access logs for requests to file upload endpoints carrying PHP file extensions or PHP content.
• Check the settings table in the database (option application_language) and the per-user language values for anything that is not a plain locale code such as en_US; path separators or ".." in such a value are a red flag.
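The filesystem and database checks above combined into one script, as an added example for this page (not Kanboard's code). It assumes the Kanboard root is passed as the first argument (default /var/www/kanboard), a default SQLite database at data/db.sqlite, a settings table with columns (option, value) and a users table with a language column; change the DSN and credentials for MySQL or PostgreSQL installs. Language values are compared strictly against the locale directories actually shipped, so anything containing a path separator, ".." or an unknown code is flagged.

```php
<?php
// Added example, not part of Kanboard. Automates the filesystem and database
// indicators listed above. Assumptions: Kanboard root given as argv[1]
// (default /var/www/kanboard), SQLite database at data/db.sqlite, a `settings`
// table with columns (option, value) and a `users` table with a `language`
// column. For MySQL/PostgreSQL installs change the DSN and credentials.
declare(strict_types=1);

$root      = rtrim($argv[1] ?? '/var/www/kanboard', '/');
$localeDir = $root . '/app/Locale';
$findings  = [];

// Allowlist: directory names that actually ship under app/Locale (en_US, de_DE, ...).
$known = array_map('basename', glob($localeDir . '/*', GLOB_ONLYDIR) ?: []);
if ($known === []) {
    fwrite(STDERR, "warning: no locale directories under $localeDir; every language value will be flagged\n");
}

// 1. Language values stored in the database: global setting plus per-user settings.
$pdo = new PDO('sqlite:' . $root . '/data/db.sqlite', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$sql = <<<'SQL'
SELECT 'settings' AS src, value AS lang FROM settings WHERE "option" = 'application_language'
UNION ALL
SELECT 'user:' || username AS src, language AS lang FROM users
WHERE language IS NOT NULL AND language <> ''
SQL;
foreach ($pdo->query($sql, PDO::FETCH_ASSOC) as $row) {
    // Strict, exact comparison: "en_US" passes, "../../data/files/x" or "en_US/.." does not.
    if (!in_array($row['lang'], $known, true)) {
        $findings[] = sprintf('suspicious language value in %s: %s', $row['src'], json_encode($row['lang']));
    }
}

// 2. translations.php anywhere outside the shipped locale tree (data/files, plugins, web root, ...).
$iter = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
    RecursiveIteratorIterator::LEAVES_ONLY,
    RecursiveIteratorIterator::CATCH_GET_CHILD   // keep going past unreadable directories
);
foreach ($iter as $file) {
    if ($file->getFilename() === 'translations.php'
        && strncmp($file->getPathname(), $localeDir . '/', strlen($localeDir) + 1) !== 0) {
        $findings[] = 'unexpected translations.php: ' . $file->getPathname();
    }
}

echo $findings === [] ? "no indicators found\n" : implode("\n", $findings) . "\n";
exit($findings === [] ? 0 : 1);
```

Run it as php check-kanboard.php /path/to/kanboard from a cron job or your EDR's script runner; a non-zero exit code makes it easy to alert on. Do not stop at the database check alone: an attacker who has already achieved code execution can set the language value back to a legitimate code, so the stray translations.php on disk is the more durable indicator.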
Disclosure
Exploit status
EPSS
0.61% (70th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-51748 is to upgrade Kanboard to version 1.2.42 or later without delay. Until that is done, reduce exposure: keep the number of Kanboard administrator accounts small and protect them with strong passwords and two-factor authentication, since an admin account is the precondition for exploitation; restrict what authenticated users may upload and where attachments are stored; and, as a temporary layer, use Web Application Firewall (WAF) rules that block PHP content or .php filenames on upload endpoints. Monitor for changes to the application_language setting, or to users' language values, that are not plain locale codes; a path separator or ".." in such a value indicates an attempt. After upgrading, confirm that the running version is 1.2.42 or later and that the language setting rejects values outside the shipped locale list. Do not verify the fix on a production system by uploading a live PHP payload.
Upgrade Kanboard to version 1.2.42 or later. That version fixes the remote code execution vulnerability. No workarounds are known, so upgrading is the only recommended fix.
CVE-2024-51748 is a critical Remote Code Execution vulnerability in the Kanboard project management software that allows an authenticated administrator to execute arbitrary PHP code on the server.
Yes, if you are running any Kanboard version earlier than 1.2.42, you are affected by this vulnerability.
Upgrade Kanboard to version 1.2.42 or later to remediate the vulnerability. If an immediate upgrade is not possible, tighten control over administrator accounts and consider temporary WAF rules on upload endpoints.
No active exploitation campaigns have been publicly confirmed. Exploitation is simple for anyone holding a Kanboard administrator account, so proof-of-concept code should be expected, but that credential requirement keeps the overall likelihood of exploitation moderate, as the EPSS score on this page reflects.
Refer to the Kanboard security advisory for detailed information and updates: [https://github.com/kanboard/kanboard/security/advisories/GHSA-5g99-5x6x-599x](https://github.com/kanboard/kanboard/security/advisories/GHSA-5g99-5x6x-599x)