Webtareas_project Webtareas

27 CVEs affecting Webtareas_project Webtareas. Latest disclosed: 2025-12-22. Critical: 3, High: 6.

Top CVEs affecting Webtareas_project Webtareas
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-44291 | Critical | 9.8 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. |
| CVE-2022-44290 | Critical | 9.8 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. |
| CVE-2021-43481 | Critical | 9.8 | 2022-04-20 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. |
| CVE-2023-53971 | High | 8.8 | 2025-12-22 | WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. A… |
| CVE-2021-41919 | High | 8.8 | 2021-10-08 | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by addin… |
| CVE-2021-41916 | High | 8.8 | 2021-10-08 | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add… |
| CVE-2023-53972 | High | 7.5 | 2025-12-22 | WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries… |
| CVE-2021-41920 | High | 7.5 | 2021-10-08 | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, v… |
| CVE-2020-25733 | High | 7.5 | 2020-09-18 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. |
| CVE-2020-23069 | Medium | 6.5 | 2021-08-18 | Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. |
| CVE-2020-25735 | Medium | 6.1 | 2020-09-18 | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, a… |
| CVE-2020-14973 | Medium | 6.1 | 2020-06-22 | The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. |
| CVE-2022-44962 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows att… |
| CVE-2022-44961 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attacker… |
| CVE-2022-44960 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability… |
| CVE-2022-44959 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows att… |
| CVE-2022-44957 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attac… |
| CVE-2022-44956 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows att… |
| CVE-2022-44955 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbit… |
| CVE-2022-44954 | Medium | 5.4 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows att… |