PT-2007-7106 · Irola · Irola My-Time

Aura

Published

2007-12-04

Updated

2018-10-15

CVE-2007-6217

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Irola My-Time (aka Timesheet) version 3.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the login (also known as Username) and password parameters in the login.asp file.

Recommendations For Irola My-Time (aka Timesheet) version 3.5, consider restricting access to the login.asp file until a patch is available. As a temporary workaround, avoid using the login and password parameters in the login.asp file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-6217

Affected Products

Irola My-Time

PT-2007-7106 · Irola · Irola My-Time

CVE-2007-6217

Weakness Enumeration

Related Identifiers

Affected Products

References · 9