Vulnerability Information
Vulnerability Title
TimeClock Software 1.01 Authenticated Time-Based SQL Injection
Vulnerability Description
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Vulnerability Title
TimeClock SQL Injection Vulnerability
Vulnerability Description
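TimeClock is a work-hours management software product from TimeClock. TimeClock version 1.01 contains an SQL injection vulnerability, which stems from a time-based SQL injection in the notes parameter of the add_entry.php endpoint and may lead to enumeration of valid usernames.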
CVSS Information
N/A
Vulnerability Type
N/A