webTareas is a web-based open source collaboration tool. The product supports project management, bug tracking, content management and meeting management. webTareas 2.4 and earlier versions contain a vulnerability that allows unauthenticated users to perform time-based and boolean-based SQL injection against the endpoint "/includes/library.php" via HTTP POST parameters such as "sor_cible", "sor_champs" and "sor_ordre". An attacker can exploit the vulnerability to access all data in the database and gain access to the webTareas application.
CPE | Name | Operator | Version |
---|---|---|---|
webtareas webtareas | le | 2.4 |