Showing 1 - 1 of 1

CVE-2010-0122

Status Candidate

Overview

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

Related Files

Employee Timeclock Software SQL Injection: Posted Mar 10, 2010; Site secunia.com; Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected.; tags | advisory, arbitrary, php, vulnerability, sql injection; advisories | CVE-2010-0122; SHA-256 | 5795aa2f7b68c3c5da9b0bfedba7c22c43d0eb18d3b5231dfd1bb899c4d043f4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 304 files
indoushka 142 files
Ubuntu 100 files
Gentoo 32 files
Debian 24 files
LiquidWorm 17 files
Apple 11 files
Google Security Research 8 files
malvuln 8 files
Michael Baer 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,608)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,085)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,928)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2010-0122

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems