Описание
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
EPSS
Процентиль: 7%
0.00027
Низкий
7.1 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.1
github
9 дней назад
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
EPSS
Процентиль: 7%
0.00027
Низкий
7.1 High
CVSS3
Дефекты
CWE-89