CVE-2020-37005

Name of the Vulnerable Software and Affected Versions TimeClock Software version 1.01

Description An authenticated time-based SQL injection allows attackers to enumerate valid usernames by manipulating the notes parameter. This is achieved by injecting conditional time delays in the 'add entry.php' endpoint and measuring response time differences to determine if a user exists.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.