VYPR

Dootask

by Kuaifan

Source repositories

CVEs (5)

  • CVE-2025-10762MedSep 21, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed…

  • CVE-2026-29828MedMar 20, 2026
    risk 0.40cvss 6.1epss 0.00

    DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc.

  • CVE-2025-55455Aug 22, 2025
    risk 0.00cvss epss 0.00

    DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.

  • CVE-2025-55454Aug 22, 2025
    risk 0.00cvss epss 0.01

    An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-34906May 15, 2024
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.