CVE-2020-27422
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 7.8%
from disclosure to weapon16 days
Published on NVDNov 16
1st PoC+16d
exploitation probability
7.8%top 6% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/49174unverifiedcve_referencepacketstormsecurity.com/files/160051/Anuko-Time-Tracker-1.19.23.5311-Password-Reset.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.