Task Freak Cross Site Scripting and SQL Injection Vulnerabilities

Summary
This host is running Task Freak and is prone to Cross Site Scripting and SQL Injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application.
Solution
Upgrade to TaskFreak version 0.6.4 or later. For updates refer to http://www.taskfreak.com/download.php
Insight
The flaws are due to:
- Improper validation of user-supplied input to the 'tznMessage' parameter in 'logout.php', which allows injection of HTML and script code.
- Input passed via the 'password' parameter to 'login.php' (when the username is set to a valid user) is not properly sanitised before being used in a SQL query in 'include/classes/tzn_user.php'.
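The two flaw classes above, illustrated side by side with their hardened forms, as an added example. This is constructed code, not TaskFreak's own: the advisory does not reproduce the query in 'include/classes/tzn_user.php' or the output code in 'logout.php', so the table, the query shape and the payloads here are assumptions that show the general pattern (string-built SQL and unescaped HTML output), not the exact input that affects the real application.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user store standing in for an application's
    user table (an assumption for this example, not TaskFreak's schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return con


def login_vulnerable(con, username, password):
    """Builds the login query by string concatenation. Both parameters are
    spliced into the SQL text unescaped, so a quote in the password ends the
    string literal and the rest of the value becomes part of the WHERE clause."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return con.execute(sql).fetchone() is not None


def login_fixed(con, username, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so quote characters in the password are compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone() is not None


def render_message_vulnerable(message):
    """Echoes a request parameter straight into the page (the XSS pattern)."""
    return "<p class='message'>" + message + "</p>"


def render_message_fixed(message):
    """HTML-encodes the parameter, so '<', '>', '&' and quotes are rendered
    as text instead of being parsed as markup."""
    return "<p class='message'>" + html.escape(message, quote=True) + "</p>"


if __name__ == "__main__":
    con = make_db()
    # Constructed payload: with the query above it turns the WHERE clause into
    # "... AND password = '' OR '1'='1'", which is always true.
    bypass = "' OR '1'='1"
    print("vulnerable login, valid user + crafted password:",
          login_vulnerable(con, "alice", bypass))   # True: no password needed
    print("fixed login, same input:", login_fixed(con, "alice", bypass))  # False

    payload = "<script>alert(1)</script>"
    print(render_message_vulnerable(payload))  # script tag reaches the page
    print(render_message_fixed(payload))       # rendered as inert text
```

Fixing the SQL issue by escaping quote characters instead of parameterising is fragile (it depends on the character set and quoting rules of the database); prepared statements remove the problem at the protocol level. For the output side, encode at the point where the value is written into HTML, not where it is read from the request, since the same value may later be placed in a different context.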
Affected
TaskFreak versions prior to 0.6.4
References