Privilege Escalation: Unauthorized Removal of Attachments in Kanboard

CVE-2017-15209 · MEDIUM

CVE-2017-15209

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

Learn more about our User Device Pen Test.