CVE-2020-27423

HIGH

Anuko Time Tracker <1.19.23.5311 - DoS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27423. PoCs published by Mufaddal Masalawala.

AI-analyzed exploit summary: This exploit describes a lack of rate limiting in the password reset functionality of Anuko Time Tracker, allowing an attacker to flood a user's mailbox with password reset emails, leading to a Denial of Service (DoS). The PoC outlines steps to replay the password reset request multiple times.

Description

Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox.

Exploits (1)

exploitdb WRITEUP
by Mufaddal Masalawala · text · webapps · php
https://www.exploit-db.com/exploits/49173

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Anuko Time Tracker v1.19.23.5311 and prior
No auth needed
Prerequisites: Access to the password reset module · Valid user login name
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0636
EPSS Percentile 92.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-307
Status published
Products (1): anuko/time_tracker < 1.19.23.5311
Published Nov 16, 2020
Tracked Since Feb 18, 2026