High severity7.5NVD Advisory· Published Oct 8, 2021· Updated Jun 17, 2026
CVE-2021-41920
CVE-2021-41920
Description
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- webTareas/webTareasdescription
Patches
Vulnerability mechanics
References
1- n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.