SQL Injection Vulnerability in Task Manager App by Burak Sevben
CVE-2024-25220

9.8CRITICAL

Key Information:

Vendor: Task Manager In PHP With Source Code Project
Status: Task Manager In PHP With Source Code
Vendor: CVE Published:; 14 February 2024

Summary

The Task Manager App version 1.0 is vulnerable to a SQL injection attack through the taskID parameter in the file /TaskManager/EditTask.php. This vulnerability allows attackers to manipulate database queries, potentially leading to unauthorized access to sensitive information or unintended system behavior. Proper input validation and parameterized queries are critical for mitigating this type of vulnerability.

References

https://github.com/BurakSevben/CVEs/blob/main/Task%20Mana...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Feb 7, 2024