Описание
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-0122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56799
- http://secunia.com/advisories/38739
- http://secunia.com/secunia_research/2010-11
- http://www.osvdb.org/62831
- http://www.osvdb.org/62832
- http://www.securityfocus.com/archive/1/509995/100/0/threaded
- http://www.securityfocus.com/bid/38639
Связанные уязвимости
nvd
почти 16 лет назад
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.