Lucene search
PRIOn knowledge basePRION:CVE-2023-32308HistoryMay 15, 2023 - 9:15 p.m.
Sql injection
2023-05-1521:15:00
PRIOn knowledge base
www.prio-n.com
1
anuko timetracker
sql injection
fix
version upgrade
post request
coding error
security issue
nvd
anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors before adjusting invoice sorting order. Because of this, it was possible to craft a POST request with malicious SQL for Time Tracker database. This issue has been fixed in version 1.22.11.5781. Users are advised to upgrade. Users unable to upgrade may insert an additional check for errors in a condition before calling ttGroupHelper::getActiveInvoices() in invoices.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| time_tracker | lt | 1.22.11.5781 |
Related
cvelist
cvelist
CVE-2023-32308 SQL Injection Vulnerability in anuko timetracker
2023-05-15 20:47:06
nvd
nvd
CVE-2023-32308
2023-05-15 21:15:09
cve
cve
CVE-2023-32308
2023-05-15 21:15:09
osv
osv
CVE-2023-32308
2023-05-15 21:15:09