WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.
References
| Link | Resource |
|---|---|
| https://sourceforge.net/projects/webtareas/ | Product |
| https://www.exploit-db.com/exploits/51087 | Exploit |
| https://www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parameter | Exploit Third Party Advisory |
Configurations
History
27 Dec 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parameter - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
26 Dec 2025, 17:24
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Webtareas Project webtareas
Webtareas Project |
|
| References | () https://sourceforge.net/projects/webtareas/ - Product | |
| References | () https://www.exploit-db.com/exploits/51087 - Exploit | |
| References | () https://www.vulncheck.com/advisories/webtareas-unauthenticated-sql-injection-via-session-cookie-parameter - Third Party Advisory, Exploit | |
| CPE | cpe:2.3:a:webtareas_project:webtareas:2.4:-:*:*:*:*:*:* |
22 Dec 2025, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-22 22:16
Updated : 2025-12-27 17:15
NVD link : CVE-2023-53972
Mitre link : CVE-2023-53972
CVE.ORG link : CVE-2023-53972
JSON object : View
Products Affected
webtareas_project
- webtareas
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')