Vendor: Kados R10 GreenBee
By: Mehmet EMIROGLU
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Kados R10 GreenBee
Affected Version From: R10 GreenBee
Affected Version To: R10 GreenBee
Patch Exists: NO
Related CWE: N/A
CPE: a:kados:kados:r10_greenbee
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Wamp64, Windows
2019

Kados R10 GreenBee – ‘menu_lev1’ SQL Injection

KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. An attacker can exploit a SQL injection vulnerability in the 'menu_lev1' parameter of the Kados R10 GreenBee application. The attacker can send malicious payloads to the vulnerable parameter and execute arbitrary SQL commands in the backend database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should use parameterized queries, stored procedures, and/or whitelisting so that user-supplied input, such as the 'menu_lev1' parameter, is never interpreted as part of the SQL statement.
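The following is an added example, not code from Kados or from the advisory: it contrasts a concatenated query with the two mitigations named above (a parameterized query and an allow-list) for a value arriving as `menu_lev1`. The table, column names, allowed values and sample input are constructed assumptions, and Python with `sqlite3` stands in for the application's real stack.

```python
import sqlite3

# Assumed allow-list of valid menu_lev1 values (hypothetical, not Kados's own).
ALLOWED_MENU_LEV1 = {"project", "admin"}


def make_db():
    """Build a constructed in-memory table; not the real Kados schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE menu (lev1 TEXT, label TEXT)")
    db.executemany(
        "INSERT INTO menu VALUES (?, ?)",
        [("project", "Projects"), ("admin", "Administration")],
    )
    return db


def labels_vulnerable(db, menu_lev1):
    """Weak pattern: the request value becomes part of the SQL text."""
    sql = "SELECT label FROM menu WHERE lev1 = '" + menu_lev1 + "'"
    return [row[0] for row in db.execute(sql)]


def labels_parameterized(db, menu_lev1):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    sql = "SELECT label FROM menu WHERE lev1 = ?"
    return [row[0] for row in db.execute(sql, (menu_lev1,))]


def labels_validated(db, menu_lev1):
    """Allow-list check first, then the parameterized query."""
    if menu_lev1 not in ALLOWED_MENU_LEV1:
        raise ValueError("menu_lev1 is not an allowed value")
    return labels_parameterized(db, menu_lev1)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the WHERE clause
    print("concatenated :", labels_vulnerable(db, crafted))
    print("parameterized:", labels_parameterized(db, crafted))
    try:
        labels_validated(db, crafted)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

The concatenated query returns every row for the crafted value, the parameterized query returns none, and the allow-list rejects the request before any SQL runs.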
Exploit-DB raw data: