CVE-2010-0122
Timeclock-software Employee Timeclock Software - SQL Injection
Title source: ruleDescription
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/39427
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38639
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38739
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56799
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-11/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/62832
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/62831
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509995/100/0/threaded
Scores
EPSS
0.0033
EPSS Percentile
55.9%
Details
CWE
CWE-89
Status
published
Products (1)
timeclock-software/employee_timeclock_software
0.99
Published
Mar 15, 2010
Tracked Since
Feb 18, 2026