SQL Injection Vulnerabilities in Employee Timeclock Software by Unknown Vendor
CVE-2010-0122
Currently unrated
What is CVE-2010-0122?
Employee Timeclock Software version 0.99 contains multiple SQL injection vulnerabilities. Remote attackers can supply crafted input in the username or password fields processed by the auth.php and login_action.php scripts. Successful exploitation could result in the execution of arbitrary SQL commands, potentially compromising the underlying database and exposing sensitive information.
