Webtareas_project Webtareas
27 CVEs affecting Webtareas_project Webtareas. Latest disclosed: 2025-12-22. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-44291 | Critical | 9.8 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. |
CVE-2022-44290 | Critical | 9.8 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. |
CVE-2021-43481 | Critical | 9.8 | 2022-04-20 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. |
CVE-2023-53971 | High | 8.8 | 2025-12-22 | WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. A… |
CVE-2021-41919 | High | 8.8 | 2021-10-08 | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by addin… |
CVE-2021-41916 | High | 8.8 | 2021-10-08 | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add… |
CVE-2023-53972 | High | 7.5 | 2025-12-22 | WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries… |
CVE-2021-41920 | High | 7.5 | 2021-10-08 | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, v… |
CVE-2020-25733 | High | 7.5 | 2020-09-18 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. |
CVE-2020-23069 | Medium | 6.5 | 2021-08-18 | Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. |
CVE-2020-25735 | Medium | 6.1 | 2020-09-18 | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, a… |
CVE-2020-14973 | Medium | 6.1 | 2020-06-22 | The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. |
CVE-2022-44962 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows att… |
CVE-2022-44961 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attacker… |
CVE-2022-44960 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability… |
CVE-2022-44959 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows att… |
CVE-2022-44957 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attac… |
CVE-2022-44956 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows att… |
CVE-2022-44955 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbit… |
CVE-2022-44954 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows att… |