CVE-2024-6808 – itsourcecode Simple Task List signUp.php insertUserRecord sql injection
https://notcve.org/view.php?id=CVE-2024-6808
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/qianqiusujiu/cve/issues/1 https://vuldb.com/?ctiid.271707 https://vuldb.com/?id.271707 https://vuldb.com/?submit.375154 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-6653 – code-projects Simple Task List Login loginForm.php sql injection
https://notcve.org/view.php?id=CVE-2024-6653
A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. • https://github.com/hantianj/cve/issues/1 https://vuldb.com/?ctiid.271060 https://vuldb.com/?id.271060 https://vuldb.com/?submit.372263 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-46023 – Simple Task List 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-46023
SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. Vulnerabilidad de inyección SQL en addTask.php en Code-Projects Simple Task List 1.0 permite a los atacantes obtener información confidencial a través del parámetro 'status'. Simple Task List version 1.0 suffers from a remote SQL injection vulnerability. • https://github.com/ersinerenler/Code-Projects-Simple-Task-List-1.0/blob/main/CVE-2023-46023-Code-Projects-Simple-Task-List-1.0-SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •