Taskfreak : Security Vulnerabilities, CVEs, Published In 2010
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
Max CVSS
7.5
EPSS Score
0.09%
Published
2010-05-06
Updated
2017-08-17
SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.
Max CVSS
7.5
EPSS Score
0.32%
Published
2010-06-30
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2010-06-30
Updated
2018-10-10
3 vulnerabilities found