CVE-2020-15255: CSV injection in Anuko Time Tracker

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-15255

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

CSV injection in Anuko Time Tracker

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

输出中的特殊元素转义处理不恰当(注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Anuko Time Tracker 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Anuko Time Tracker是个人开发者的一个开源的时间统计系统。用于统计员工在各个工作上花费时间的一个平台。 Anuko Time Tracker 1.19.23.5325之前版本存在安全漏洞，该漏洞源于没有正确过滤用户输入，报表的CSV导出可能包含被电子表格软件当作公式处理的单元格(例如，当单元格值以等号开始时)。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
anuko	timetracker	< 1.19.23.5325	-

II. Public POCs for CVE-2020-15255

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-15255

Please Login to view more intelligence information

https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpvx_refsource_CONFIRM
https://www.exploit-db.com/exploits/49027x_refsource_MISC
http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.htmlx_refsource_MISC
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42fx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-15255

New Vulnerabilities

Product: timetracker

Vendor: anuko

Same weakness: CWE-74

V. Comments for CVE-2020-15255

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2020-15255

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-15255

III. Intelligence Information for CVE-2020-15255

New Vulnerabilities

V. Comments for CVE-2020-15255

Leave a comment