PT-2020-14318 · Anuko · Anuko Time Tracker

Muffyhub · Published 2020-10-16 · Updated 2021-11-18 · CVE-2020-15255

CVSS v3.1: 8.7 High

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Anuko Time Tracker versions prior to 1.19.23.5325

Description

The issue arises from not properly filtering user input, which can lead to a CSV export of a report containing cells that are treated as formulas by spreadsheet software. This occurs when a cell value starts with an equal sign.

Recommendations

For versions prior to 1.19.23.5325, update to version 1.19.23.5325 to resolve the issue.
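
An added example, not Anuko's code or its actual fix: a CSV export that neutralizes cells a spreadsheet would evaluate as formulas. It goes beyond the equal sign described above to the other leading characters listed in OWASP's CSV injection guidance; the function names and sample rows are assumptions.

```python
import csv
import io

# Leading characters a spreadsheet may treat as the start of a formula.
# The advisory names "="; the rest follow OWASP's CSV injection guidance.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(text):
    """True for values such as -7.5 that begin with a trigger but are only a number."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return value as text that a spreadsheet displays rather than evaluates."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS) and not _is_plain_number(text):
        return "'" + text  # leading apostrophe marks the cell as literal text
    return text


def export_report_csv(rows):
    """Serialize report rows to CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample report rows (hypothetical data, not taken from the product).
SAMPLE_ROWS = [
    ["date", "user", "note", "hours"],
    ["2020-10-01", "alice", "Design review", 2.5],
    ["2020-10-02", "bob", "=1+1", 1],  # user-supplied note starting with "="
    ["2020-10-03", "carol", "-1.5", -1.5],  # legitimate negative number, left as-is
]

if __name__ == "__main__":
    print(export_report_csv(SAMPLE_ROWS), end="")
```

The neutralization belongs at export time, applied to every user-controlled field, so stored data stays unchanged for non-spreadsheet consumers.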

Exploit

Fix

Special Elements Injection

RCE


Weakness Enumeration

Related Identifiers

CVE-2020-15255
GHSA-PRJF-9MGH-8FPV

Affected Products

Anuko Time Tracker