CVE-2021-41920
08.10.2021, 16:15
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.
| Vendor | Product | Version |
|---|---|---|
| webtareas_project | webtareas | 𝑥 ≤ 2.4 |
𝑥
= Vulnerable software versions