Sensitive Information Exposure in Employee Timeclock Software by Timeclock Software
CVE-2010-0123

Currently unrated

Key Information:

Vendor: Timeclock-software
Status: Employee Timeclock Software
Vendor: CVE Published:; 15 March 2010

🔔 Create Timeclock-software Vulnerability Alert

What is CVE-2010-0123?

The Employee Timeclock Software version 0.99 has a vulnerability where its database backup feature stores sensitive information within the web root directory without adequate access control. This design flaw allows remote attackers to exploit this weakness and download the database by making direct requests using a semi-predictable file name, thereby leading to potential unauthorized access to sensitive data.

References

http://secunia.com/advisories/38739

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/509990/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/62833

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2010
Vulnerability Reserved
Jan 4, 2010

CVE-2010-0123 Data

JSON