Lucene search
China National Vulnerability DatabaseCNVD-2021-103392HistoryDec 23, 2021 - 12:00 a.m.
Anuko Time Tracker SQL Injection Vulnerability
2021-12-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
0.002 Low
EPSS
Percentile
53.7%
Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being properly checked in POST requests. When navigating between subgroups of an organization, the group parameter is posted. The Status parameter is used in multiple files to change the status of an entity, such as to make a project, task, or user inactive. An attacker could use this vulnerability to obtain sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Anuko Time Tracker Anuko Time Tracker <=1. | eq | 19.33.5606 |
Related
nvd
nvd
CVE-2021-43851
2021-12-22 00:15:09
cve
cve
CVE-2021-43851
2021-12-22 00:15:09
prion
prion
Sql injection
2021-12-22 00:15:00
osv
osv
CVE-2021-43851
2021-12-22 00:15:09
cvelist
cvelist
CVE-2021-43851 SQL injection vulnerability in anuko timetracker
2021-12-21 23:40:10