319398761

**Name of the Vulnerable Software and Affected Versions** a54552239 pearProjectApi versions up to 2.8.10 **Description** A security flaw exists in a54552239 pearProjectApi. The `dateTotalForProject` function within the `application/common/Model/Task.php` file of the Backend Interface component is susceptible to SQL injection due to manipulation of the `projectCode` argument. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.8.10 are recommended. As a temporary workaround, consider restricting access to the `dateTotalForProject` function until a patch is available.