CVE-2022-44291

Name of the Vulnerable Software and Affected Versions webTareas version 2.4p5

Description The issue is a SQL injection vulnerability. It occurs via the id parameter in the phasesets.php file. This allows for potential exploitation by injecting malicious SQL code.

Recommendations For webTareas version 2.4p5, consider restricting access to the phasesets.php file to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.