CVE-2010-0122

Name of the Vulnerable Software and Affected Versions Employee Timeclock Software version 0.99

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved by manipulating the username or password parameters in specific API endpoints, such as "auth.php" or "login action.php".

Recommendations For Employee Timeclock Software version 0.99, consider restricting access to the "auth.php" and "login action.php" endpoints until a fix is available, and avoid using the username and password parameters in these endpoints to minimize the risk of exploitation.