CVE-2010-0707

Employee Timeclock Software 0.99 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ViRuSMaN · htmlwebappsphp

https://www.exploit-db.com/exploits/11516

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/38662

[Exploit] http://www.exploit-db.com/exploits/11516

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/56410

[Third Party Advisory, VDB Entry] http://osvdb.org/62478

Scores

EPSS 0.0008

EPSS Percentile 24.4%

Details

CWE

CWE-352

Status published

Products (1)

timeclock-software/employee_timeclock_software 0.99

Published Feb 25, 2010

Tracked Since Feb 18, 2026