Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
webTareas SQL注入漏洞
Vulnerability Description
webTareas是一款基于Web的开源协作工具。该产品支持项目管理、错误跟踪、内容管理和会议管理等功能。 webTareas 2.4及之前版本存在安全漏洞,未经身份验证的用户通过"sor_cible"、"sor_champs"和"sor_ordre"等HTTP POST参数在端点"/includes/library.php"上执行基于时间和布尔值的SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A