Description
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.
References (4)
Core References
Various Sources
https://en.logitime.com/time-attendance/
https://nl.logitime.com/
https://nl.logitime.com/download/webclock-v5-43-0-13-12-2024/
https://tulling.dev/disclosures/cve-2024-55971/
Scores
CVSS v3
10.0
EPSS
0.0063
EPSS Percentile
45.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Published
Jan 23, 2025
Tracked Since
Feb 18, 2026