Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

webtareas project webtareas vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2021-43481
An SQL Injection vulnerability exists in Webtareas 2.4p3 and previous versions via the $uq HTTP POST parameter in editapprovalstage.php.
Webtareas Project Webtareas 2.4Webtareas Project Webtareas
7.5
CVSSv3
CVE-2021-41920
webTareas version 2.4 and previous versions allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an malicious user to access all t...
Webtareas Project Webtareas
6.1
CVSSv3
CVE-2020-25735
webTareas up to and including 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications....
Webtareas Project Webtareas
7.5
CVSSv3
CVE-2020-25733
webTareas up to and including 2.1 allows upload of the dangerous .exe and .shtml file types.
Webtareas Project Webtareas
5.3
CVSSv3
CVE-2020-25734
webTareas up to and including 2.1 allows files/Default/ Directory Listing.
Webtareas Project Webtareas
8.8
CVSSv3
CVE-2021-41916
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and previous versions allows a remote malicious user to create a new administrative profile and add a new user to the new profile. without the victim's knowledge, by enticing an authenticated admin us...
Webtareas Project Webtareas
5.4
CVSSv3
CVE-2021-41917
webTareas version 2.4 and previous versions allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against...
Webtareas Project Webtareas
5.4
CVSSv3
CVE-2021-41918
webTareas version 2.4 and previous versions allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects...
Webtareas Project Webtareas
8.8
CVSSv3
CVE-2021-41919
webTareas version 2.4 and previous versions allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data....
Webtareas Project Webtareas
5.4
CVSSv3
CVE-2022-44953
webtareas 2.4p5 exists to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "A...
Webtareas Project Webtareas 2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook