Home Contact Buy
Sitemap Contact
Home Time Tracker Consulting Download Video Free Buy Sitemap Contact

Forum

Is TaskBar still broken?

Cannot Add New Clock or Change City Window 11

[SOLVED] Forgot Password -> Error 500

[SOLVED] Unable to send mail

installation problem : MDB2 Error: unknown error

the "actual" time of arrival & departure

work permit request

Time Tracker UPGRADE INSTRUCTIONS

News

11 May 2023
CVE-2023-32306 - Time-based blind SQL injection in reports
8 May 2023
CVE-2023-32066 - Stored XSS vulnerability in Week View
8 May 2023
CVE-2023-32308 - SQL injection vulnerability in Invoices
24 Feb 2023
Hide and show desktop clocks with a shortcut key
5 Feb 2023
World Clock desktop templates for forex
4 Feb 2023
World Clock desktop templates for GMT
6 Nov 2022
Charts for Favorite Reports
27 Oct 2022
Time Tracker 1.22 Released

Time-based Blind SQL Injection in Reports

CVE-2023-32306.

Time-based blind SQL injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft a POST request with malicious SQL for Time Tracker database.

Patches

The vulnerability was fixed in version 1.22.13.5792.

Workarounds

Upgrade is highly recommended. If it is not practical, use fixed code in ttReportHelper.class.php from version 1.22.13.5792.

Support

If you need help with upgrading or migrating your system you can order paid support. We can also host Time Tracker for your organization on our servers. If you have any questions feel free to contact us.

Home Download Video Free Buy Legal Sitemap Contact
Login
Hosting and content management by Anuko