Published: 19/09/2012 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
peter kovacs timesheet next gen 1.5.2

# Exploit Title: Timesheet Next Gen 152 Multiple SQLi # Date: 02/23/12 # Author: G13 # Software Link: sourceforgenet/projects/tsheetx/ # Version: 152 # Category: webapps (php) # ##### Vulnerability ##### The loginphp page has multiple SQL injection vulnerabilities Both the 'username' and 'password' parameters are vulnerable to SQL ...

CWE-89 http://secunia.com/advisories/48239 http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122 http://www.securityfocus.com/bid/52270 http://www.osvdb.org/79804 http://www.exploit-db.com/exploits/18554 http://www.openwall.com/lists/oss-security/2012/04/16/7 http://www.openwall.com/lists/oss-security/2012/04/16/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/73680 https://nvd.nist.gov https://www.exploit-db.com/exploits/18554/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2105

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect