Lucene search
K

180 matches found

Prion
Prion
added 2022/02/24 4:15 p.m.13 views

Sql injection

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

6.5CVSS9.2AI score0.07159EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2022/02/24 4:15 p.m.20 views

Information disclosure

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...

3.5CVSS5.3AI score0.00552EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.10 views

Anuko Time Tracker SQL注入漏洞

Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. An SQL injection vulnerability exists in versions prior to Anuko Time Tracker 1.20.0.5646.The vulnerability stems from the fact that the Punch...

8.8CVSS8.2AI score0.07159EPSS
Exploits5References8
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.7 views

Anuko Time Tracker 跨站脚本漏洞

Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. A cross-site scripting vulnerability exists in versions prior to Anuko Time Tracker 1.20.0.5646, which stems from the fact that ttUser.class.p...

6.5CVSS5.4AI score0.00552EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/02/23 11:50 p.m.19 views

CVE-2022-24707 SQL injection in anuko timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

7.4CVSS9.4AI score0.07159EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2022/02/23 11:50 p.m.7 views

CVE-2022-24707 SQL injection in anuko timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

7.4CVSS9.2AI score0.07159EPSS
Exploits5References3
CVE
CVE
added 2022/02/23 11:50 p.m.98 views

CVE-2022-24707

CVE-2022-24707 affects Anuko Time Tracker’s Puncher plugin, with an unsanitized date parameter in POST requests enabling SQL injection vulnerabilities (Union-based and time-based blind) in versions prior to 1.20.0.5642. The issue arises from reusing code and unvalidated input, allowing crafted PO...

8.8CVSS8.7AI score0.07159EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2022/02/23 11:50 p.m.44 views

CVE-2022-24707 SQL injection in anuko timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

7.4CVSS8.9AI score0.07159EPSS
Exploits5References5
CVE
CVE
added 2022/02/23 11:50 p.m.112 views

CVE-2022-24708

The CVE-2022-24708 entry describes a Stored XSS vulnerability in Anuko Time Tracker. The issue occurs in ttUser.class.php where the primary group name was not escaped for display, allowing a logged-in user to inject JavaScript that could execute in their browser on pages displaying the group name...

6.5CVSS5.5AI score0.00552EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/23 11:50 p.m.27 views

CVE-2022-24708 Stored XSS vulnerability in anuko/timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...

6.5CVSS5.4AI score0.00552EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/02/23 11:50 p.m.10 views

CVE-2022-24708 Stored XSS vulnerability in anuko/timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...

6.5CVSS6.4AI score0.00552EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/23 11:50 p.m.27 views

CVE-2022-24708 Stored XSS vulnerability in anuko/timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...

6.5CVSS6.5AI score0.00552EPSS
Exploits0References2
CNVD
CNVD
added 2021/12/23 12:0 a.m.17 views

Anuko Time Tracker SQL Injection Vulnerability

Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...

8.8CVSS2.4AI score0.01165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/22 12:15 a.m.3 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS7.2AI score0.01165EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/22 12:15 a.m.45 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS7.8AI score0.01165EPSS
Exploits0References3
NVD
NVD
added 2021/12/22 12:15 a.m.43 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS0.01165EPSS
Exploits0References3
Prion
Prion
added 2021/12/22 12:15 a.m.14 views

Sql injection

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

6.5CVSS8.9AI score0.01165EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/12/21 11:40 p.m.39 views

CVE-2021-43851 SQL injection vulnerability in anuko timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.1CVSS9.2AI score0.01165EPSS
Exploits0References3
CVE
CVE
added 2021/12/21 11:40 p.m.64 views

CVE-2021-43851

CVE-2021-43851 concerns the Anuko Time Tracker PHP application. The connected documents confirm a SQL injection in multiple files, stemming from improper validation of the group and status parameters in POST requests (notably in groups.php). The vulnerability affects Time Tracker version 1.19.33....

8.8CVSS8.7AI score0.01165EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

Anuko Time Tracker SQL注入漏洞

Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...

8.8CVSS6AI score0.01165EPSS
Exploits0References4
Rows per page
Query Builder