CVE-2021-41920

Published: Oct 8, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-41920

Description

Affected Products

References