kuaifan DooTask UsersController.php sql injection_CVE-2025-10762

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-10762

Source VulDB

Published Sep 21, 2025 at 04:32

Affected Product

Vendor kuaifan

Product DooTask

Version 1.2.0

Affected Versions kuaifan DooTask 1.2.0
kuaifan DooTask 1.2.1
kuaifan DooTask 1.2.2
kuaifan DooTask 1.2.3
kuaifan DooTask 1.2.4
kuaifan DooTask 1.2.5
kuaifan DooTask 1.2.6
kuaifan DooTask 1.2.7
kuaifan DooTask 1.2.8
kuaifan DooTask 1.2.9
kuaifan DooTask 1.2.10
kuaifan DooTask 1.2.11
kuaifan DooTask 1.2.12
kuaifan DooTask 1.2.13
kuaifan DooTask 1.2.14
kuaifan DooTask 1.2.15
kuaifan DooTask 1.2.16
kuaifan DooTask 1.2.17
kuaifan DooTask 1.2.18
kuaifan DooTask 1.2.19
kuaifan DooTask 1.2.20
kuaifan DooTask 1.2.21
kuaifan DooTask 1.2.22
kuaifan DooTask 1.2.23
kuaifan DooTask 1.2.24
kuaifan DooTask 1.2.25
kuaifan DooTask 1.2.26
kuaifan DooTask 1.2.27
kuaifan DooTask 1.2.28
kuaifan DooTask 1.2.29
kuaifan DooTask 1.2.30
kuaifan DooTask 1.2.31
kuaifan DooTask 1.2.32
kuaifan DooTask 1.2.33
kuaifan DooTask 1.2.34
kuaifan DooTask 1.2.35
kuaifan DooTask 1.2.36
kuaifan DooTask 1.2.37
kuaifan DooTask 1.2.38
kuaifan DooTask 1.2.39
kuaifan DooTask 1.2.40
kuaifan DooTask 1.2.41
kuaifan DooTask 1.2.42
kuaifan DooTask 1.2.43
kuaifan DooTask 1.2.44
kuaifan DooTask 1.2.45
kuaifan DooTask 1.2.46
kuaifan DooTask 1.2.47
kuaifan DooTask 1.2.48
kuaifan DooTask 1.2.49

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.",
    "published": "2025-09-21T04:32:06.811Z",
    "modified": "2025-09-21T04:32:06.811Z",
    "type": "cve",
    "title": "kuaifan DooTask UsersController.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325117\nhttps://vuldb.com/?ctiid.325117\nhttps://vuldb.com/?submit.646886\nhttps://github.com/kuaifan/dootask/issues/283\nhttps://github.com/kuaifan/dootask/issues/283#issue-3379188930",
    "id": "CVE-2025-10762",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "kuaifan DooTask 1.2.0\nkuaifan DooTask 1.2.1\nkuaifan DooTask 1.2.2\nkuaifan DooTask 1.2.3\nkuaifan DooTask 1.2.4\nkuaifan DooTask 1.2.5\nkuaifan DooTask 1.2.6\nkuaifan DooTask 1.2.7\nkuaifan DooTask 1.2.8\nkuaifan DooTask 1.2.9\nkuaifan DooTask 1.2.10\nkuaifan DooTask 1.2.11\nkuaifan DooTask 1.2.12\nkuaifan DooTask 1.2.13\nkuaifan DooTask 1.2.14\nkuaifan DooTask 1.2.15\nkuaifan DooTask 1.2.16\nkuaifan DooTask 1.2.17\nkuaifan DooTask 1.2.18\nkuaifan DooTask 1.2.19\nkuaifan DooTask 1.2.20\nkuaifan DooTask 1.2.21\nkuaifan DooTask 1.2.22\nkuaifan DooTask 1.2.23\nkuaifan DooTask 1.2.24\nkuaifan DooTask 1.2.25\nkuaifan DooTask 1.2.26\nkuaifan DooTask 1.2.27\nkuaifan DooTask 1.2.28\nkuaifan DooTask 1.2.29\nkuaifan DooTask 1.2.30\nkuaifan DooTask 1.2.31\nkuaifan DooTask 1.2.32\nkuaifan DooTask 1.2.33\nkuaifan DooTask 1.2.34\nkuaifan DooTask 1.2.35\nkuaifan DooTask 1.2.36\nkuaifan DooTask 1.2.37\nkuaifan DooTask 1.2.38\nkuaifan DooTask 1.2.39\nkuaifan DooTask 1.2.40\nkuaifan DooTask 1.2.41\nkuaifan DooTask 1.2.42\nkuaifan DooTask 1.2.43\nkuaifan DooTask 1.2.44\nkuaifan DooTask 1.2.45\nkuaifan DooTask 1.2.46\nkuaifan DooTask 1.2.47\nkuaifan DooTask 1.2.48\nkuaifan DooTask 1.2.49",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DooTask",
    "version": "1.2.0",
    "vendor": "kuaifan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}