CVE-2023-32308

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors before adjusting invoice sorting order. Because of this, it was possible to craft a POST request with malicious SQL for Time Tracker database. This issue has been fixed in version 1.22.11.5781. Users are advised to upgrade. Users unable to upgrade may insert an additional check for errors in a condition before calling `ttGroupHelper::getActiveInvoices()` in invoices.php.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/anuko/timetracker/commit/8a7367d7f77ea697c090f5ca4e19669181cc7bcf	Patch
https://github.com/anuko/timetracker/security/advisories/GHSA-9g2c-7c7g-p58r	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-05-15 21:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-32308

Mitre link : CVE-2023-32308

CVE.ORG link : CVE-2023-32308

JSON object : View

Products Affected

anuko

time_tracker

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-32308", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2023-05-15T21:15:09.530", "references": [{"url": "https://github.com/anuko/timetracker/commit/8a7367d7f77ea697c090f5ca4e19669181cc7bcf", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/anuko/timetracker/security/advisories/GHSA-9g2c-7c7g-p58r", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors before adjusting invoice sorting order. Because of this, it was possible to craft a POST request with malicious SQL for Time Tracker database. This issue has been fixed in version 1.22.11.5781. Users are advised to upgrade. Users unable to upgrade may insert an additional check for errors in a condition before calling `ttGroupHelper::getActiveInvoices()` in invoices.php."}], "lastModified": "2023-05-25T17:38:00.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950665B0-1126-463B-99BB-4EB7A099B25B", "versionEndExcluding": "1.22.11.5781"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}