SonicALERT

Sonicwall Signatures

 



  Anuko Time Tracker Puncher Plugin SQLi

Category: WEB-ATTACKS      

UNION SQL injection and time-based blind SQL injection vulnerabilities existed in the Time Tracker Puncher plugin in versions prior to 1.20.0.5642. The Puncher plugin reused code from other places and relied on an unchecked date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests carrying malicious SQL for the Time Tracker database.
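The class of flaw described above, shown as an added example that is not Time Tracker's code or part of the original signature page: an unchecked date value concatenated into SQL, next to a handler that validates the date strictly and binds it as a parameter. The table, function names and sample input are constructed for illustration, and SQLite stands in for the application database.

```python
import sqlite3
from datetime import datetime

def parse_date(raw):
    """Return raw only if it is a real calendar date in canonical YYYY-MM-DD form."""
    try:
        parsed = datetime.strptime(raw, "%Y-%m-%d")
    except (TypeError, ValueError):
        return None
    # strptime tolerates unpadded fields such as "2024-1-5"; require a round trip.
    return raw if parsed.strftime("%Y-%m-%d") == raw else None

def records_unchecked(conn, user_id, raw_date):
    """The flawed pattern: the POST value is pasted into the SQL text."""
    sql = f"SELECT id, start FROM log WHERE user_id = {int(user_id)} AND date = '{raw_date}'"
    return conn.execute(sql).fetchall()

def records_checked(conn, user_id, raw_date):
    """Validate the date first, then pass it as a bound parameter."""
    date = parse_date(raw_date)
    if date is None:
        raise ValueError("invalid date parameter")
    sql = "SELECT id, start FROM log WHERE user_id = ? AND date = ?"
    return conn.execute(sql, (int(user_id), date)).fetchall()

def demo_db():
    """Constructed two-user table standing in for a time-entry log (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log (id INTEGER PRIMARY KEY, user_id INTEGER, date TEXT, start TEXT)")
    conn.executemany("INSERT INTO log VALUES (?, ?, ?, ?)",
                     [(1, 1, "2024-01-15", "09:00"), (2, 2, "2024-01-15", "10:00")])
    return conn

# Constructed input: a date followed by a UNION clause against the toy table.
CRAFTED = "2024-01-15' UNION SELECT id, start FROM log --"

if __name__ == "__main__":
    conn = demo_db()
    # The unchecked query returns another user's row alongside user 1's.
    print("unchecked:", records_unchecked(conn, 1, CRAFTED))
    print("checked:  ", records_checked(conn, 1, "2024-01-15"))
    try:
        records_checked(conn, 1, CRAFTED)
    except ValueError as exc:
        print("rejected: ", exc)
```

Validation and parameter binding are independent controls here: the format check rejects anything that is not a date, and the bound parameter keeps the value out of the SQL text even if the check is later loosened.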


Relevant Information