CVE-2006-0691

TTS Time Tracking Software 3.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0691. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The exploit describes an access-validation vulnerability in Time Tracking Software 3.0, allowing unauthorized access to administrative functions via direct URL manipulation. No actual exploit code is provided, only a description and example URL.

Description

edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27250

View Code ZIP pw:eip

The exploit describes an access-validation vulnerability in Time Tracking Software 3.0, allowing unauthorized access to administrative functions via direct URL manipulation. No actual exploit code is provided, only a description and example URL.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Time Tracking Software 3.0

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK