Timeclock · Time Clock · CVE-2020-37005
**Name of the Vulnerable Software and Affected Versions**
TimeClock Software version 1.01
**Description**
An authenticated time-based SQL injection allows attackers to enumerate valid usernames by manipulating the `notes` parameter. Attackers inject conditional time delays into requests to the `add entry.php` endpoint and measure response-time differences to determine whether a user exists.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
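
With no fixed release available, the timing pattern described above can be looked for in web-server logs. The following is an added example, not part of the original advisory or of the TimeClock code; it assumes an access log with the request duration appended as the last field (for example nginx `$request_time`), and the sample lines, the `/ENTRY_ENDPOINT` path and the thresholds are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample log: client, timestamp, request, status, bytes, request time (s).
# "/ENTRY_ENDPOINT" is a placeholder for wherever the entry endpoint is deployed.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 0.041
10.0.0.5 - - [01/Jan/2024:10:03:12 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 0.038
10.0.0.7 - - [01/Jan/2024:10:04:40 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 0.045
10.0.0.7 - - [01/Jan/2024:10:05:02 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 2.500
10.0.0.9 - - [01/Jan/2024:10:06:00 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 0.040
10.0.0.9 - - [01/Jan/2024:10:06:06 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 5.043
10.0.0.9 - - [01/Jan/2024:10:06:07 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 0.039
10.0.0.9 - - [01/Jan/2024:10:06:13 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 5.051
10.0.0.9 - - [01/Jan/2024:10:06:19 +0000] "POST /ENTRY_ENDPOINT HTTP/1.1" 200 512 5.047
10.0.0.9 - - [01/Jan/2024:10:06:20 +0000] "GET /index.php HTTP/1.1" 200 900 0.020
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ (?P<rt>\d+\.\d+)$'
)

def suspicious_clients(log_text, path, min_delay=2.0, min_slow=3):
    """Return {client_ip: slow_request_count} for clients whose POSTs to `path`
    split into a fast baseline plus at least `min_slow` responses that took
    `min_delay` seconds longer. A conditional-delay oracle leaves this
    two-cluster timing; one isolated slow request does not."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != path:
            continue
        times[m["ip"]].append(float(m["rt"]))

    flagged = {}
    for ip, rts in times.items():
        baseline = min(rts)  # this client's own fastest response to the endpoint
        slow = [t for t in rts if t - baseline >= min_delay]
        if len(slow) >= min_slow:
            flagged[ip] = len(slow)
    return flagged

if __name__ == "__main__":
    for ip, count in suspicious_clients(SAMPLE_LOG, "/ENTRY_ENDPOINT").items():
        print(f"{ip}: {count} delayed responses on the entry endpoint")
```

Using each client's own fastest response as the baseline keeps a user on a uniformly slow link from being flagged; tune `min_delay` and `min_slow` to the endpoint's normal latency.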