PT-2006-1745 · Tts · Tts Time Tracking

Aliaksandr Hartsuyeu

Published

2006-02-15

Updated

2018-10-19

CVE-2006-0691

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions TTS Time Tracking Software version 3.0

Description The issue allows remote attackers to overwrite arbitrary data belonging to any account due to a lack of verification of the name and password in the edituser.php file.

Recommendations For TTS Time Tracking Software version 3.0, consider implementing proper authentication and authorization mechanisms to verify the name and password before allowing any changes to account data. As a temporary workaround, restrict access to the edituser.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0691

Affected Products

Tts Time Tracking

PT-2006-1745 · Tts · Tts Time Tracking

CVE-2006-0691

Related Identifiers

Affected Products

References · 9