CVE-2025-10762
📋 TL;DR
This CVE describes a SQL injection vulnerability in kuaifan DooTask's UsersController.php file. Attackers can remotely exploit this by manipulating the 'keys[department]' parameter to execute arbitrary SQL commands. All DooTask instances up to version 1.2.49 are affected.
💻 Affected Systems
- kuaifan DooTask
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, or deletion of critical application data.
Likely Case
Unauthorized data access, privilege escalation, or extraction of sensitive user information from the database.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Exploit details are publicly available in GitHub issues. Attack requires API access but not necessarily authentication depending on endpoint configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.50 or later
Vendor Advisory: https://github.com/kuaifan/dootask/issues/283
Restart Required: No
Instructions:
1. Update DooTask to version 1.2.50 or later.
2. Apply the patch from the GitHub repository if updating is not possible.
3. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation for the keys[department] parameter to block SQL injection attempts.
Add parameter validation in app/Http/Controllers/Api/UsersController.php
WAF Rule
Deploy web application firewall rules to detect and block SQL injection patterns in API requests.
🧯 If You Can't Patch
- Restrict network access to DooTask API endpoints using firewall rules.
- Implement database user with minimal permissions to limit potential damage from SQL injection.
🔍 How to Verify
Check if Vulnerable:
Check the DooTask version in the admin panel or via the version file. If the version is 1.2.49 or earlier, the system is vulnerable.
Check Version:
Check version in dootask/.env or admin interface
Verify Fix Applied:
Test the vulnerable endpoint with SQL injection payloads after patching to confirm they are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts via API
- Suspicious patterns in keys[department] parameter
Network Indicators:
- SQL keywords in API request parameters
- Unusual database connection patterns from application server
SIEM Query:
source="dootask" AND ("keys[department]" AND (SELECT OR UNION OR DROP))
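The following is an added example, not code from the advisory or from the DooTask project. It turns the SIEM query above into a log scanner and also implements the allowlist check that the "Input Validation Filter" workaround calls for: it parses web-server access-log lines, pulls out the keys[department] parameter, accepts only values matching an expected shape, and flags the rest as SQL-injection-like or malformed. The request path /api/users/lists, the combined-log format, the assumption that a department is a comma-separated list of integer ids, and all sample log lines are constructed for this example and are not taken from the advisory.

```python
"""Added detection example for CVE-2025-10762 (not from the advisory or DooTask).

Scans access-log lines for requests carrying keys[department] and reports
values that do not match the expected allowlist shape, mirroring the
advisory's SIEM query (SELECT / UNION / DROP in the parameter).
"""
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "keys[department]"

# Keywords from the advisory's SIEM query plus common injection tokens
SQL_TOKENS = re.compile(
    r"\b(select|union|drop|insert|update|delete|sleep|benchmark)\b|--|/\*|;",
    re.IGNORECASE,
)

# Combined-log-format request line: ip ident user [timestamp] "METHOD target PROTO" ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Constructed sample log lines; the endpoint path is an assumption, not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /api/users/lists?keys%5Bdepartment%5D=3 HTTP/1.1" 200 512
10.0.0.7 - - [01/Oct/2025:10:00:02 +0000] "GET /api/users/lists?keys%5Bdepartment%5D=3%27%20UNION%20SELECT%201%2C2%2C3--%20 HTTP/1.1" 200 2048
10.0.0.9 - - [01/Oct/2025:10:00:03 +0000] "GET /api/users/lists?keys%5Bdepartment%5D=12&page=2 HTTP/1.1" 200 512
10.0.0.7 - - [01/Oct/2025:10:00:04 +0000] "GET /api/users/lists?keys%5Bdepartment%5D=1%20OR%20SLEEP(5)%23 HTTP/1.1" 200 600
"""


def extract_department_values(target):
    """Return the URL-decoded keys[department] values from a request target."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return params.get(PARAM, [])


def is_valid_department(value):
    """Allowlist check: assume a department selector is one or more integer ids
    separated by commas (assumption; adjust to the real parameter format)."""
    return re.fullmatch(r"\d+(,\d+)*", value) is not None


def classify(value):
    """Label a parameter value: 'ok', 'sqli' (injection tokens) or 'malformed'."""
    if is_valid_department(value):
        return "ok"
    if SQL_TOKENS.search(value):
        return "sqli"
    return "malformed"


def scan_log(text):
    """Return one finding per suspicious keys[department] value in the log text."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand; skip
        for value in extract_department_values(match["target"]):
            verdict = classify(value)
            if verdict != "ok":
                findings.append(
                    {"ip": match["ip"], "ts": match["ts"], "value": value, "verdict": verdict}
                )
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['ip']} {finding['verdict']}: {finding['value']!r}")
```

Running the scanner over the constructed sample reports the two requests from 10.0.0.7 and leaves the plain integer selectors alone; the same `is_valid_department` allowlist is what a server-side validator for this parameter would enforce before the value reaches any query.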