CNNVD-202601-4931 Information

CNNVD ID

CNNVD-202601-4931

Related CVE

CVE-2020-37005

• CNNVD Published: 2026-01-29

Description (Chinese)

TimeClock是TimeClock公司的一个工时管理软件。 TimeClock 1.01版本存在SQL注入漏洞，该漏洞源于add_entry.php端点中的notes参数存在基于时间的SQL注入，可能导致枚举有效用户名。

Description (English)

TimeClock is a time management software for TimeClock. Version 1.01 of TimeClock has an injection loophole in SQL, which originates from the time-based injection of notes parameters in the endpoint of add entry.php, which may lead to a valid user name.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

TimeClock

Published

2026-01-29

Last Modified

2026-02-24

References

http://timeclock-software.net/ https://web.archive.org/web/20190104104315/ https://www.exploit-db.com/exploits/48874 https://www.vulncheck.com/advisories/timeclock-software-authenticated-time-based-sql-injection