Vulnerabilities > Webtareas Project > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-08 CVE-2021-41919 Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions.
network
low complexity
webtareas-project CWE-434
6.5
6.5
2021-10-08 CVE-2021-41920 SQL Injection vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters.
network
low complexity
webtareas-project CWE-89
5.0
5.0
2021-08-18 CVE-2020-23069 Path Traversal vulnerability in Webtareas Project Webtareas 2.0
Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
network
low complexity
webtareas-project CWE-22
4.0
4.0
2020-09-18 CVE-2020-25735 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
network
low complexity
webtareas-project CWE-79
6.1
6.1
2020-09-18 CVE-2020-25734 Path Traversal vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows files/Default/ Directory Listing.
network
low complexity
webtareas-project CWE-22
5.3
5.3
2020-06-22 CVE-2020-14973 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. 		4.3
4.3