A_Groundhog

**Name of the Vulnerable Software and Affected Versions** kuaifan DooTask versions through 1.2.49 **Description** A vulnerability exists in kuaifan DooTask up to version 1.2.49, specifically within the file `app/Http/Controllers/Api/UsersController.php`. Manipulation of the `keys[department]` argument results in SQL injection. The attack can be executed remotely. The exploit has been made public. **Recommendations** Versions prior to 1.2.49 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.