2 matches found
CVE-2010-1521
CVE-2010-1521 describes a SQL injection in TaskFreak! Original (multi-user) before 0.6.4, exploitable via the password parameter in login.php to execute arbitrary SQL. Public references in the connected data confirm the vulnerable file include/classes/tzn_user.php and the input field used for aut...
CVE-2010-1520
CVE-2010-1520: TaskFreak! is affected by a Cross-Site Scripting vulnerability in logout.php via the tznMessage parameter in original multi-user releases before 0.6.4. The issue allows remote attackers to inject arbitrary HTML/script when a user loads the affected logout page. Multiple sources cor...