Описание
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:timeclock-software:employee_timeclock_software:0.99:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00365
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.
EPSS
Процентиль: 58%
0.00365
Низкий
7.5 High
CVSS2
Дефекты
CWE-89