CVE-2010-0122 Information

Description

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

Reference

http://secunia.com/advisories/38739
http://secunia.com/secunia_research/2010-11/
http://www.osvdb.org/62831
http://www.osvdb.org/62832
http://www.securityfocus.com/archive/1/509995/100/0/threaded
http://www.securityfocus.com/bid/38639
https://exchange.xforce.ibmcloud.com/vulnerabilities/56799
