Aura

**Name of the Vulnerable Software and Affected Versions** Irola My-Time (aka Timesheet) version 3.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `login` (also known as `Username`) and `password` parameters in the login.asp file. **Recommendations** For Irola My-Time (aka Timesheet) version 3.5, consider restricting access to the login.asp file until a patch is available. As a temporary workaround, avoid using the `login` and `password` parameters in the login.asp file to minimize the risk of exploitation.