Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being properly checked in POST requests. When navigating between subgroups of an organization, the group parameter is posted. The Status parameter is used in multiple files to change the status of an entity, such as to make a project, task, or user inactive. An attacker could use this vulnerability to obtain sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
Anuko Time Tracker Anuko Time Tracker <=1. | eq | 19.33.5606 |