Skip to main content

Time Tracker

14 CVEs product

Monthly

CVE-2023-32308 CRITICAL PATCH Act Now

anuko timetracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Time Tracker
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32306 CRITICAL Act Now

Time Tracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Time Tracker
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32066 MEDIUM PATCH This Month

Time Tracker is an open source time tracking system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-24708 MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24707 HIGH POC PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Time Tracker
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.2%
CVE-2021-43851 HIGH PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Time Tracker
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-41139 MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-29436 HIGH PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Time Tracker
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-21352 CRITICAL PATCH Act Now

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Time Tracker
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-27423 HIGH POC This Week

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Time Tracker
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
6.4%
CVE-2020-27422 CRITICAL POC Act Now

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Time Tracker
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.8%
CVE-2020-15255 HIGH POC PATCH This Week

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Time Tracker
NVD GitHub Exploit-DB
CVSS 3.1
7.3
EPSS
3.5%
CVE-2019-12162 HIGH This Week

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Time Tracker
NVD VulDB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-6751 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Time Tracker
NVD
CVSS 2.0
3.5
EPSS
0.2%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

anuko timetracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Time Tracker
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Time Tracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Time Tracker
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Time Tracker is an open source time tracking system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Time Tracker
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Time Tracker
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Time Tracker
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Time Tracker
NVD GitHub
EPSS 6% CVSS 7.5
HIGH POC This Week

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Time Tracker
NVD Exploit-DB
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Time Tracker
NVD Exploit-DB
EPSS 4% CVSS 7.3
HIGH POC PATCH This Week

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Time Tracker
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Time Tracker
NVD VulDB
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Time Tracker
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy