Cross-Site Request Forgery in Employee Timeclock Software by Unknown Vendor
CVE-2010-0707

Currently unrated

Key Information:

Vendor

Timeclock-software

Status
Employee Timeclock Software
Vendor
CVE Published:
25 February 2010

What is CVE-2010-0707?

A cross-site request forgery (CSRF) vulnerability exists in the add_user.php script of Employee Timeclock Software version 0.99. This flaw enables remote attackers to trick an authenticated administrator into executing unauthorized actions. Specifically, attackers can create new administrative users by hijacking the existing session, which poses a significant risk to the integrity of the application. It is crucial for users of this software to implement appropriate security measures to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/38662
third-party-advisoryx_refsource_SECUNIA
http://www.exploit-db.com/exploits/11516
exploitx_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/56410
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.