Unrated severityNVD Advisory· Published Dec 22, 2025· Updated Apr 7, 2026
WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter
CVE-2023-53972
Description
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.
Affected products
2- luiswang/WebTareasv5Range: 2.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/51087mitreexploit
- www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parametermitrethird-party-advisory
- sourceforge.net/projects/webtareas/mitreproduct
News mentions
0No linked articles in our index yet.