Vendor: WebTareas
By: Behrad Taher
CVSS: 9.8 (CRITICAL)
Blind SQL Injection (CWE-89)
Product Name: WebTareas
Affected Version From: < 2.4p3
Affected Version To: Not specified
Patch Exists: NO
Related CVE: CVE-2021-43481
CPE: Not specified
Platforms Tested:
2022
WebTareas 2.4 – Blind SQLi (Authenticated)
This exploit allows an authenticated attacker to perform blind SQL injection against the WebTareas 2.4 application. By exploiting the vulnerability, the attacker can extract login credentials and passwords from the application's database.
Mitigation:
The vendor should release a patch that fixes the SQL injection vulnerability. In the meantime, users should avoid using the affected version of the software or implement additional security measures to protect against SQL injection attacks.