Vulnerabilities > Webtareas Project > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-41916 | Cross-Site Request Forgery (CSRF) vulnerability in Webtareas Project Webtareas A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. | 8.8 |
| 2021-10-08 | CVE-2021-41919 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. | 8.8 |
| 2021-10-08 | CVE-2021-41920 | SQL Injection vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. | 7.5 |
| 2020-09-18 | CVE-2020-25733 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | 7.5 |