Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL injection in time@work from systems@work
Vulnerability Description
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdmin user with the sysadmin role enabled, exploiting the vulnerability will allow commands to be executed on the system; if the user does not belong to the sysadmin role, they will still be able to query data from the database.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
systems@work time@work SQL注入漏洞
Vulnerability Description
systems@work time@work是捷克systems@work公司的一个服务自动化和工时管理系统。 systems@work time@work 7.0.5版本存在SQL注入漏洞,该漏洞源于IDClient参数容易受到经过身份验证的盲SQL注入攻击,可能导致命令执行或数据库数据查询。
CVSS Information
N/A
Vulnerability Type
N/A