Ahsan Azad

**Name of the Vulnerable Software and Affected Versions** Hubstaff version 1.6.14 **Description** The software contains a DLL search order hijacking issue. An attacker can replace a missing `system32wow64log.dll` with a malicious library. By using tools like Metasploit to create a custom DLL and placing it in the `system32` directory, an attacker can gain a reverse shell when the application starts. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `system32` directory to prevent unauthorized DLL placement.