CVE-2020-27423

HIGH

Anuko Time Tracker <1.19.23.5311 - DoS

Title source: llm

Description

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox

Exploits (1)

exploitdb WRITEUP

by Mufaddal Masalawala · textwebappsphp

https://www.exploit-db.com/exploits/49173

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/160052/Anuko-Time-Tracker-1.19.23.5311-Missing-Rate-Limiting.html

Scores

CVSS v3 7.5

EPSS 0.1539

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-307

Status published

Products (1)

anuko/time_tracker < 1.19.23.5311

Published Nov 16, 2020

Tracked Since Feb 18, 2026