Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper neutralization of input in Times Software E-PAYROLL
Vulnerability Description
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been prevented probably by backend filtering mechanisms. Additionally, command injection attempts cause the application to return extensive error messages disclosing some information about the internal infrastructure. Patching status is unknown because the vendor has not replied to messages sent by the CNA.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Times Software E-Payroll 安全漏洞
Vulnerability Description
Times Software E-Payroll是新加坡Times Software公司的一个薪资管理系统。 Times Software E-Payroll存在安全漏洞,该漏洞源于POST参数清理不当,可能导致拒绝服务攻击和SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A