webTareas version 2.4 and previous versions allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an malicious user to access all the data in the database and obtain access to the webTareas application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webtareas project webtareas |