VYPR
Medium severity5.4NVD Advisory· Published Apr 13, 2021· Updated Jun 17, 2026

CVE-2021-29436

CVE-2021-29436

Description

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Anuko/Time Trackerllm-fuzzy2 versions
    <1.19.27.5431+ 1 more
    • (no CPE)range: <1.19.27.5431
    • (no CPE)range: < 1.19.27.5431

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.