Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792.
References
Link | Resource |
---|---|
https://github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3 | Vendor Advisory |
https://github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
24 May 2023, 16:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3 - Vendor Advisory | |
CPE | cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:* |
12 May 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-12 19:15
Updated : 2024-11-21 08:03
NVD link : CVE-2023-32306
Mitre link : CVE-2023-32306
CVE.ORG link : CVE-2023-32306
JSON object : View
Products Affected
anuko
- time_tracker
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')