Kados R10 GreenBee SQL Injection Vulnerability
Vulnerability
An SQL injection vulnerability has been identified in Kados R10 GreenBee, a web-based tool for managing Scrum projects. This vulnerability allows attackers to inject malicious SQL code through the sort_direction parameter, potentially leading to unauthorized access to sensitive database information or modification of data. The issue affects Kados R10 GreenBee versions through R10 GreenBee.
Impact
Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data modification, or, in some cases, execution of administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the 'sort_direction' parameter in various PHP files within the Kados application. This can be done using a local server environment such as Wamp64.
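The fix pattern for a sort_direction injection like the one described above, as an added example that is not Kados's own code: a sort direction is an SQL keyword and cannot be bound as a prepared-statement parameter, so the request value is mapped onto a constant instead of being concatenated. It assumes the parameter ends up in an ORDER BY clause and PHP 8.0 or later; the table, column and function names are hypothetical, and the sort-column allowlist generalizes the same approach beyond what the page covers.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the page does not show Kados's code or schema.

// Vulnerable pattern (for contrast): request value concatenated into the SQL text.
//   $sql = "SELECT id, title FROM stories ORDER BY title " . $_GET['sort_direction'];

/**
 * Map an untrusted sort direction onto one of two SQL keywords.
 * Placeholders bind values, not keywords, so the ORDER BY direction cannot be
 * a bound parameter; the input may only select between two constants.
 */
function sortDirection(mixed $raw): string
{
    if (!is_string($raw)) {          // e.g. sort_direction[]=x arrives as an array
        return 'ASC';
    }
    return strtoupper(trim($raw)) === 'DESC' ? 'DESC' : 'ASC';
}

/** Same idea for the sort column: look the key up, never interpolate it. */
function sortColumn(mixed $raw): string
{
    $allowed = ['title' => 'title', 'created' => 'created_at', 'status' => 'status'];
    return is_string($raw) && isset($allowed[$raw]) ? $allowed[$raw] : 'title';
}

function listStories(PDO $db, int $projectId, mixed $column, mixed $direction): array
{
    // Only constants returned by the two functions above reach the SQL text;
    // the data value is still bound as a parameter.
    $sql = sprintf(
        'SELECT id, title FROM stories WHERE project_id = :pid ORDER BY %s %s',
        sortColumn($column),
        sortDirection($direction)
    );
    $stmt = $db->prepare($sql);
    $stmt->execute([':pid' => $projectId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: every value resolves to ASC or DESC, nothing else.
foreach (['desc', ' DESC ', 'asc', 'ASC, id', '', ['x'], null] as $input) {
    echo json_encode($input), ' => ', sortDirection($input), PHP_EOL;
}
```

Because the advisory says the parameter is handled in various PHP files, each of those call sites would need to go through the same mapping function.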
