5 matches found
CVE-2020-37080 webTareas 2.0.p8 - Arbitrary File Deletion
webTareas 2.0.p8 contains a file deletion vulnerability in the printlayout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through ...
CVE-2022-44291
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php...
CVE-2020-25734
webTareas through 2.1 allows files/Default/ Directory Listing...
CVE-2022-44955
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field...
CVE-2021-41918
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the...