CVE-2021-41919

Name of the Vulnerable Software and Affected Versions webTareas versions 2.4 and earlier

Description The issue allows an authenticated user to upload potentially dangerous files without restrictions by adding or replacing a personal profile picture. The affected endpoint is "/includes/upload.php" on the HTTP POST data. This enables an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers.

Recommendations For webTareas versions 2.4 and earlier, consider disabling the file upload feature in the "/includes/upload.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this feature to upload files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.