Luiswang Webtareas vulnerabilities
3 known vulnerabilities affecting luiswang/webtareas.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2020-37080P3CRITICALCVSS 9.8v2.0.p82026-02-03
CVE-2020-37080 [CRITICAL] CWE-73 CVE-2020-37080: webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration compo
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.
nvd
CVE-2023-53971P3HIGHCVSS 8.8v2.42025-12-22
CVE-2023-53971 [HIGH] CWE-434 CVE-2023-53971: WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicio
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path.
nvd
CVE-2023-53972P3HIGHCVSS 7.5v2.42025-12-22
CVE-2023-53972 [HIGH] CWE-89 CVE-2023-53972: WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allow
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.
nvd