**Kados R10 GreenBee - Multiple SQL Injection Vulnerability Summary**

**Vulnerability Overview**

Vulnerability Name: Kados R10 GreenBee - Multiple SQL Injection (Kados R10 GreenBee - Multiple SQL Injection Vulnerabilities)
EDB-ID: 46505
Author: MEHMET EMİROGLU
Publication Date: 2019-03-07
Platform: PHP
Software Description: KADOS (Kanban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects.

**Affected Scope**

The vulnerability exists in the Kados R10 GreenBee version. The affected parameters and files include:

- parameters.php: ,
- profiles.php: ,
- users.php: ,
- app_columns.php: ,
- app_external_connections.php:
- app_template_tags.php:
- app_template_tags_groups.php:
- app_templates.php:
- my_profile.php:
- template_checklist.php:
- news.php: , , , ,

**Remediation**

1. Input Validation: Perform strict type checking and whitelist validation on all user-supplied parameters (e.g., , , etc.).
2. Parameterized Queries: Use prepared statements or parameterized queries in database operations to avoid direct SQL string concatenation.
3. Principle of Least Privilege: Ensure the database account possesses only the minimum permissions necessary to perform required operations.
4. Filter Special Characters: Escape or filter special characters in inputs (e.g., , , , , , etc.).

**POC Code / Exploit Code**

The following are examples of SQL injection payloads provided in the screenshots:

1. menu_level Parameter Injection (Multiple Files)
2. mg_profile_id Parameter Injection
3. id_to_modify Parameter Injection
4. userreset Parameter Injection (Blind SQLi)
5. language_tag Parameter Injection (Blind SQLi)
6. id_to_delete Parameter Injection (Blind SQLi)
7. sort_direction Parameter Injection (Blind SQLi)
8. id_project Parameter Injection (Blind SQLi)
9. filter_user_mail Parameter Injection (Blind SQLi - POST) (Payload: )
10. id_to_modify Parameter Injection (Frame Injection)
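The following is an added example of how Remediation steps 1 and 2 apply to the parameter names listed in this advisory; it is not KADOS code, and the table and column names, the PDO connection, and the helper function names are assumptions for illustration.

```php
<?php
// Added example (not from KADOS): validate request parameters named in the
// advisory, then use a PDO prepared statement so the values never become
// part of the SQL text. Table/column names are assumed placeholders.

// 1. Whitelist for an enumerated parameter such as sort_direction: only the
//    two known constants are accepted, so nothing else can reach the query.
function validate_sort_direction(string $value): string
{
    $upper = strtoupper($value);
    if (!in_array($upper, ['ASC', 'DESC'], true)) {
        throw new InvalidArgumentException('sort_direction must be ASC or DESC');
    }
    return $upper;
}

// 2. Strict type check for id-style parameters (id_to_modify, id_to_delete,
//    id_project, mg_profile_id, menu_level): reject anything that is not a
//    plain non-negative integer instead of trying to escape it.
function validate_id(string $value): int
{
    if (!preg_match('/^[0-9]{1,10}$/', $value)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    return (int) $value;
}

// 3. Parameterized query. The id is bound as an integer placeholder.
//    ORDER BY cannot take a bound placeholder, so the whitelisted constant
//    from validate_sort_direction() is interpolated, never the raw input.
function fetch_project_users(PDO $db, string $rawProject, string $rawDir): array
{
    $projectId = validate_id($rawProject);
    $direction = validate_sort_direction($rawDir);

    $stmt = $db->prepare(
        "SELECT user_id, user_mail FROM users WHERE id_project = :id ORDER BY user_mail $direction"
    );
    $stmt->bindValue(':id', $projectId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (assumed connection details). Disabling emulated prepares keeps
// parameter binding on the database side rather than in the PHP driver.
// $db = new PDO('mysql:host=localhost;dbname=kados', $user, $pass, [
//     PDO::ATTR_EMULATE_PREPARES => false,
//     PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// ]);
// $rows = fetch_project_users($db, $_GET['id_project'] ?? '', $_GET['sort_direction'] ?? 'ASC');
```

A validation failure throws before any query runs, which is the behaviour to log and alert on when hunting for injection attempts against these endpoints.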