CVE-2006-4705 Information

Description

SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Reference

http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
http://secunia.com/advisories/21831
http://securityreason.com/securityalert/1542
http://www.securityfocus.com/archive/1/445603/100/0/threaded
http://www.securityfocus.com/bid/19856
http://www.vupen.com/english/advisories/2006/3547
