CVE-2023-4987

Name of the Vulnerable Software and Affected Versions infinitietech taskhub version 2.8.7

Description A critical issue has been found in the GET Parameter Handler component, specifically affecting the /home/get tasks list file. The manipulation of the project/status/user id/sort/search argument leads to SQL injection.

Recommendations For infinitietech taskhub version 2.8.7, consider restricting access to the project/status/user id/sort/search argument in the GET Parameter Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.