CVE-2025-10762

Name of the Vulnerable Software and Affected Versions kuaifan DooTask versions through 1.2.49

Description A vulnerability exists in kuaifan DooTask up to version 1.2.49, specifically within the file app/Http/Controllers/Api/UsersController.php. Manipulation of the keys[department] argument results in SQL injection. The attack can be executed remotely. The exploit has been made public.

Recommendations Versions prior to 1.2.49 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.