PT-2025-26162 · Efrotech · Efrotech Timetrax
Noman Azam · Published 2025-06-18 · Updated 2025-06-26 · CVE-2025-46157
CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
EfroTech Time Trax version 1.0
Description
An issue in EfroTech Time Trax allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form. The weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).
Recommendations
For EfroTech Time Trax version 1.0, consider disabling the file attachment function in the leave request form until a patch is available, so that remote attackers cannot use it to execute arbitrary code. Restrict access to the leave request form to minimize the risk of exploitation, and avoid using the file attachment feature in that form until the issue is resolved.
Exploit · Fix · RCE · Unrestricted File Upload
Affected Products
Efrotech Timetrax