CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 4CVE-2012-2105 – Timesheet Next Gen 1.5.2 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2012-2105
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. Múltiples vulnerabilidades de inyección SQL en login.php en Timesheet Next Gen v1.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1)username o (2)password. • https://www.exploit-db.com/exploits/18554 http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html http://secunia.com/advisories/48239 http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122 http://www.exploit-db.com/exploits/18554 http://www.openwall.com/lists/oss-security/2012/04/16/4 http://www.openwall.com/lists/oss-security/2012/04/16/7 http://www.osvdb.org/79804 http://www.securityfocus.com/bid/52270 https://exchange.xforce.ibmcloud.com/vu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •