Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL injection in anuko timetracker
Vulnerability Description
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Anuko Time Tracker SQL注入漏洞
Vulnerability Description
Anuko Time Tracker是个人开发者的一个开源的时间统计系统。用于统计员工在各个工作上花费时间的一个平台。 Anuko Time Tracker 1.20.0.5646之前版本存在SQL注入漏洞,该漏洞源于Puncher插件重用了来自其他地方的代码,并依赖于POST请求中未经处理的日期参数,插件存在UNION SQL注入漏洞和基于时间的盲注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A