Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/01/09 11:35 a.m.7 views

CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...

7.5CVSS8.2AI score0.01673EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/12/22 9:35 p.m.6 views

CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

8.8CVSS7.2AI score0.00409EPSS
Exploits1References3
nvd
nvd
added 2021/10/08 4:15 p.m.21 views

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and...

5.4CVSS0.00549EPSS
Exploits1References1
cvelist
cvelist
added 2021/10/08 3:33 p.m.18 views

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and...

5.4AI score0.00549EPSS
Exploits1References1
Rows per page
Query Builder