CNNVD-202512-5498 Information

CNNVD ID

CNNVD-202512-5498

Related CVE

CVE-2025-69288

• CNNVD Published: 2025-12-31

Description (Chinese)

titra是kromit开源的一款时间跟踪项目。 titra 0.99.49之前版本存在安全漏洞，该漏洞源于经过身份验证的管理员用户可修改数据库中的timeEntryRule值并传递至NodeVM执行，可能导致远程代码执行。

Description (English)

Titra is a time-tracking project for kromit open sources. There is a security loophole in the pre-tita 0.99.49 version, which stems from the ability of the accredited administrator user to modify the timeEntryrule values in the database and transmit them to NodeVM for execution, which may result in remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

kromit

Published

2025-12-31

Last Modified

2026-02-24

References

https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e https://github.com/kromitgmbh/titra/releases/tag/0.99.49 https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr

Patch

https://github.com/kromitgmbh/titra/releases