Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter
Vulnerability Description
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
webTareas SQL注入漏洞
Vulnerability Description
webTareas是luiswang个人开发者的一款基于Web的开源协作工具。该产品支持项目管理、错误跟踪、内容管理和会议管理等功能。 webTareas 2.4版本存在SQL注入漏洞,该漏洞源于webTareasSID cookie参数存在SQL注入,可能导致未经验证的攻击者操纵数据库查询。
CVSS Information
N/A
Vulnerability Type
N/A