CVE-2024-56801

CRITICAL

Tasklists <2.0.4 - SQL Injection

Title source: llm

Description

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability.

Exploits (1)

nomisec STUB
by kz0xpwn · poc
https://github.com/kz0xpwn/CVE-2024-56801

References (2)

Scores

CVSS v3 9.8
EPSS 0.0839
EPSS Percentile 92.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
infotel/tasklists < 2.0.4
Published Dec 30, 2024
Tracked Since Feb 18, 2026