Submit #646886: kuaifan DooTask <= 1.2.49 SQL Injectioninfo

Titlekuaifan DooTask <= 1.2.49 SQL Injection
DescriptionThere is a SQL injection vulnerability in dootask versions less than or equal to 1.2.49. Any logged-in user can inject SQL through the keys[department] parameter of /api/users/lists.
Source⚠️ https://github.com/kuaifan/dootask/issues/283
User
 A_Groundhog (UID 89054)
Submission09/03/2025 12:04 (9 months ago)
Moderation09/20/2025 09:07 (17 days later)
StatusAccepted
VulDB entry325117 [kuaifan DooTask up to 1.2.49 UsersController.php keys[department] sql injection]
Points16

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!