PT-2025-47333 · Times · Times Software E-Payroll

Sebastian Jeż · Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-9977

CVSS v4.0: 5.3 (Medium)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Times Software E-Payroll (affected versions not specified)

Description: The application does not properly sanitize data received in POST parameters during the login process, potentially allowing an unauthenticated attacker to perform Denial-of-Service (DoS) attacks. While SQL injection attacks are possible, backend filtering mechanisms may currently prevent successful exploitation. Command injection attempts result in the application displaying detailed error messages that reveal information about the internal infrastructure. The vendor has not responded to inquiries regarding patching status.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Generation of Error Message Containing Sensitive Information

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-9977

Affected Products

Times Software E-Payroll