PT-2017-15149 · Biometric Shift · Biometric Shift Employee Management System

52Pojie
Published: 2017-12-30
Updated: 2018-01-09
CVE: CVE-2017-17993
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Biometric Shift Employee Management System (affected versions not specified)

Description: An attacker can inject and execute malicious scripts in a victim's browser (cross-site scripting). The flaw is caused by missing validation of user-supplied input in the amount parameter of a request to 'index.php?user=addition deduction'.

Recommendations: As a temporary workaround, restrict access to the 'index.php?user=addition deduction' endpoint until a patch is available, and avoid passing the amount parameter to this endpoint until the issue is resolved.

Tags: Exploit · Fix · XSS


Weakness Enumeration: none listed

Related Identifiers: CVE-2017-17993

Affected Products: Biometric Shift Employee Management System