Security Advisory

CVE-2021-41920

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-08 15:37:54

Last updated 2024-08-04 03:22:25

Assigner mitre

State PUBLISHED

Description

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.

← Browse all CVEs View on cve.org ↗