CVE-2012-2105 Information

Description

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html
http://secunia.com/advisories/48239
http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122
http://www.exploit-db.com/exploits/18554
http://www.openwall.com/lists/oss-security/2012/04/16/4
http://www.openwall.com/lists/oss-security/2012/04/16/7
http://www.osvdb.org/79804
http://www.securityfocus.com/bid/52270
https://exchange.xforce.ibmcloud.com/vulnerabilities/73680
