CVE-2024-56801

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tasklists versions prior to 2.0.4

Description: The issue is related to a blind SQL injection vulnerability. Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 are affected.

Recommendations: For versions prior to 2.0.4, update to version 2.0.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until the patch is applied.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-56801

GHSA-C6FW-XW9X-GWJW

Affected Products

Tasklists

CVE-2024-56801

Weakness Enumeration

Related Identifiers

Affected Products

References · 8