CVE-2017-17989

Name of the Vulnerable Software and Affected Versions Biometric Shift Employee Management System (affected versions not specified)

Description The issue is related to a security problem where an attacker can inject malicious code. This is possible due to the lack of proper input validation in the holiday name parameter when performing an edit holiday action in the index.php file.

Recommendations As a temporary workaround, consider restricting access to the index.php file or the edit holiday action until a patch is available. Avoid using the holiday name parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.