Webtareas Project: Security Vulnerabilities
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.
CVSS Score: 7.5
EPSS Score: 0.026
Published: 2021-10-08
A path traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
CVSS Score: 6.5
EPSS Score: 0.014
Published: 2021-08-18
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-09-18
webTareas through 2.1 allows files/Default/ Directory Listing.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2020-09-18
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-09-18
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-08-26
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-06-22

