exploitDog

CVE-2023-53972

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.

Ссылки

https://sourceforge.net/projects/webtareas/
Product
https://www.exploit-db.com/exploits/51087
Exploit
https://www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parameter
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webtareas_project:webtareas:2.4:-:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00077

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-vrj2-8hr4-9mhm

CVSS3: 8.2

github

около 2 месяцев назад

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.

EPSS

Процентиль: 23%

0.00077

Низкий

7.5 High

CVSS3

Дефекты

CWE-89