Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross site request forgery vulnerability
Vulnerability Description
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed().
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Anuko Time Tracker 跨站请求伪造漏洞
Vulnerability Description
Anuko Time Tracker是Anuko个人开发者的一个用于统计员工在项目上花费时间的一个 Web 平台。 Anuko Time Tracker 存在安全漏洞,攻击者可利用该漏洞提供的表单,执行一个意想不到的操作,比如更改用户密码。
CVSS Information
N/A
Vulnerability Type
N/A