CVE-2007-2622

TaskDriver <1.2 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · perlwebappsphp

https://www.exploit-db.com/exploits/3896

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1768

[Third Party Advisory] http://secunia.com/advisories/25221

[Third Party Advisory, VDB Entry] http://osvdb.org/35973

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3896

[Third Party Advisory, VDB Entry] http://osvdb.org/35972

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34249

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23919

Scores

EPSS 0.0129

EPSS Percentile 79.8%

Details

Status published

Products (1)

taskdriver/taskdriver < 1.2

Published May 11, 2007

Tracked Since Feb 18, 2026