CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41919

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2021-41919

Webtareas Project » Webtareas » Version: 2.0

cpe:2.3:a:webtareas_project:webtareas:2.0
Webtareas Project » Webtareas » Version: 2.1

cpe:2.3:a:webtareas_project:webtareas:2.1
Webtareas Project » Webtareas » Version: 2.2

cpe:2.3:a:webtareas_project:webtareas:2.2
Webtareas Project » Webtareas » Version: 2.4

cpe:2.3:a:webtareas_project:webtareas:2.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41919

Products

Pricing

Contact Us