PT-2023-23715 · Unknown · Time Tracker

Indevi0Us · Published 2023-05-12 · Updated 2023-05-24 · CVE-2023-32306

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Time Tracker versions prior to 1.22.13.5792

Description

A time-based blind SQL injection issue existed in Time Tracker reports because the reports.php page did not validate all parameters in POST requests. A crafted request could therefore inject malicious SQL into queries against the Time Tracker database.

Recommendations

Update versions prior to 1.22.13.5792 to version 1.22.13.5792 to resolve the issue. As a temporary workaround, consider using the fixed code in ttReportHelper.class.php from version 1.22.13.5792.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-32306
GHSA-758X-VG7G-J9J3

Affected Products

Time Tracker