High severity8.8NVD Advisory· Published May 12, 2023· Updated Jun 17, 2026
CVE-2023-32306
CVE-2023-32306
Description
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in ttReportHelper.class.php from version 1.22.13.5792.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<1.22.13.5792+ 1 more
- (no CPE)range: <1.22.13.5792
- (no CPE)range: < 1.22.13.5792
- Range: <1.22.13.5792
Patches
Vulnerability mechanics
References
1- github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3nvdVendor Advisory
News mentions
0No linked articles in our index yet.