CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53972

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.8%

CVSS Severity

CVSS v3 Score 8.2

References

https://sourceforge.net/projects/webtareas/
https://www.exploit-db.com/exploits/51087
https://www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parameter

Products affected by CVE-2023-53972

Webtareas Project » Webtareas » Version: 2.4

cpe:2.3:a:webtareas_project:webtareas:2.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53972

Products

Pricing

Contact Us