Time Tracker Security Vulnerabilities and Issues — Time Tracker CVE List

Lucene search

AnukoTime Tracker

4 matches found

CVE•added 2020/11/16 4:15 p.m.•55 views

CVE-2020-27422

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.

9.8CVSS9.4AI score0.09002EPSS

CVE•added 2021/03/03 1:15 a.m.•49 views

CVE-2021-21352

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess u...

9.1CVSS8.1AI score0.00419EPSS

CVE•added 2023/05/15 9:15 p.m.•46 views

CVE-2023-32308

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors ...

9.8CVSS9.4AI score0.00115EPSS

CVE•added 2023/05/12 7:15 p.m.•24 views

CVE-2023-32306

Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not che...

9.8CVSS9.3AI score0.00632EPSS