
THREATINT
PUBLISHED

CVE-2024-56801

Tasklists has Blind SQL Injection in /ajax/reorder.php



Description

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability.

Reserved 2024-12-30 | Published 2024-12-30 | Updated 2024-12-30 | Assigner GitHub_M


MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

< 2.0.4: affected

References

github.com/...klists/security/advisories/GHSA-c6fw-xw9x-gwjw

github.com/...ommit/6444026e3d2b8fb22d5e5ab03fb86056e1ac9e43

cve.org (CVE-2024-56801)

nvd.nist.gov (CVE-2024-56801)
