CNNVD-202512-3922 Information
CNNVD ID
CNNVD-202512-3922
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
webTareas是luiswang个人开发者的一款基于Web的开源协作工具。该产品支持项目管理、错误跟踪、内容管理和会议管理等功能。 webTareas 2.4版本存在SQL注入漏洞,该漏洞源于webTareasSID cookie参数存在SQL注入,可能导致未经验证的攻击者操纵数据库查询。
Description (English)
WebTareas is a Web-based open-source collaboration tool for Luiswang personal developers. The product supports functions such as project management, error tracking, content management and conference management. Version 2.4 of WebTareas has an injection loophole in SQL, which stems from the presence of SQL injections of the webTareasSID cookies parameter, which could lead to uncertified assailants manipulating the database.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
个人开发者
Published
2025-12-22
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/51087 https://sourceforge.net/projects/webtareas/ https://www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parameter https://access.redhat.com/security/cve/cve-2023-53972
Patch
https://sourceforge.net/projects/webtareas/
Share on: