CVE-2010-0123

Name of the Vulnerable Software and Affected Versions Employee Timeclock Software version 0.99

Description The issue concerns the database backup implementation, which stores sensitive information under the web root with insufficient access control. This allows remote attackers to download a database via a direct request for a "semi-predictable file name."

Recommendations For Employee Timeclock Software version 0.99, consider restricting access to the database backup files to minimize the risk of exploitation. As a temporary workaround, limit direct requests for semi-predictable file names until a proper fix is implemented.