Unauthenticated SQL Injection Vulnerability in webTareas Version 2.4 and Earlier

Unauthenticated SQL Injection Vulnerability in webTareas Version 2.4 and Earlier

CVE-2021-41920 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.