CVE-2021-41920

Name of the Vulnerable Software and Affected Versions webTareas versions 2.4 and earlier

Description The issue allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor cible, sor champs, and sor ordre HTTP POST parameters. This enables an attacker to access all the data in the database and obtain access to the webTareas application.

Recommendations For webTareas versions 2.4 and earlier, consider disabling access to the /includes/library.php endpoint until a patch is available. Restrict the use of the sor cible, sor champs, and sor ordre parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.