Efrotech · Efrotech Timetrax · CVE-2025-46157
**Name of the Vulnerable Software and Affected Versions**
EfroTech Time Trax version 1.0
**Description**
An issue in EfroTech Time Trax allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form. The weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).
**Recommendations**
Until a patch is available for EfroTech Time Trax version 1.0, consider disabling the file attachment function in the leave request form to prevent remote attackers from executing arbitrary code. Restrict access to the leave request form to minimize the risk of exploitation, and avoid using the file attachment feature in the affected form until the issue is resolved.
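
For reference, the server-side checks that address CWE-434 on an attachment endpoint, shown as an added example that is not EfroTech code and not part of the original advisory. The allow-listed types, the size limit and the names `validate_attachment` and `RejectedUpload` are assumptions.

```python
import os
import uuid

# Assumed policy for leave-request attachments: extension -> allowed leading bytes.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class RejectedUpload(ValueError):
    """Raised when an attachment fails validation."""


def validate_attachment(client_name: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise RejectedUpload."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or oversized file")
    # Keep only the last path component, whichever separator the client used.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Trailing dots and spaces are dropped by Windows file systems, so strip
    # them before reading the extension ("x.aspx." must be seen as ".aspx").
    ext = os.path.splitext(base.strip().rstrip(". ").lower())[1]
    signatures = ALLOWED.get(ext)
    if signatures is None:
        raise RejectedUpload(f"extension {ext!r} is not on the allow-list")
    # The content must start with a signature matching the declared type.
    if not data.startswith(signatures):
        raise RejectedUpload("content does not match the declared type")
    # Store under a random name carrying only the allow-listed extension, in a
    # directory the web server does not execute or serve directly.
    return uuid.uuid4().hex + ext


if __name__ == "__main__":
    samples = [  # constructed sample inputs
        ("medical_cert.pdf", b"%PDF-1.7\n%constructed sample"),
        ("page.aspx", b"<%@ Page Language=\"C#\" %>"),
        ("cert.pdf", b"<%@ Page Language=\"C#\" %>"),
    ]
    for name, body in samples:
        try:
            print(name, "->", validate_attachment(name, body))
        except RejectedUpload as err:
            print(name, "-> rejected:", err)
```

A signature check does not rule out polyglot files, which is why the stored name and the non-executable storage location matter as much as the content check.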