CVE-2025-10762

Summary

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
kuaifanDooTask1.2.0affected
kuaifanDooTask1.2.1affected
kuaifanDooTask1.2.2affected
kuaifanDooTask1.2.3affected
kuaifanDooTask1.2.4affected
kuaifanDooTask1.2.5affected
kuaifanDooTask1.2.6affected
kuaifanDooTask1.2.7affected
kuaifanDooTask1.2.8affected
kuaifanDooTask1.2.9affected
kuaifanDooTask1.2.10affected
kuaifanDooTask1.2.11affected
kuaifanDooTask1.2.12affected
kuaifanDooTask1.2.13affected
kuaifanDooTask1.2.14affected
kuaifanDooTask1.2.15affected
kuaifanDooTask1.2.16affected
kuaifanDooTask1.2.17affected
kuaifanDooTask1.2.18affected
kuaifanDooTask1.2.19affected
kuaifanDooTask1.2.20affected
kuaifanDooTask1.2.21affected
kuaifanDooTask1.2.22affected
kuaifanDooTask1.2.23affected
kuaifanDooTask1.2.24affected
kuaifanDooTask1.2.25affected
kuaifanDooTask1.2.26affected
kuaifanDooTask1.2.27affected
kuaifanDooTask1.2.28affected
kuaifanDooTask1.2.29affected
kuaifanDooTask1.2.30affected
kuaifanDooTask1.2.31affected
kuaifanDooTask1.2.32affected
kuaifanDooTask1.2.33affected
kuaifanDooTask1.2.34affected
kuaifanDooTask1.2.35affected
kuaifanDooTask1.2.36affected
kuaifanDooTask1.2.37affected
kuaifanDooTask1.2.38affected
kuaifanDooTask1.2.39affected
kuaifanDooTask1.2.40affected
kuaifanDooTask1.2.41affected
kuaifanDooTask1.2.42affected
kuaifanDooTask1.2.43affected
kuaifanDooTask1.2.44affected
kuaifanDooTask1.2.45affected
kuaifanDooTask1.2.46affected
kuaifanDooTask1.2.47affected
kuaifanDooTask1.2.48affected
kuaifanDooTask1.2.49affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References