Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HKromit Titra
APPKromit< 0.99.49
Related vulnerabilities
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77....
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignme...
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, ...