Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
References
Configurations
History
No history.
Information
Published : 2012-09-19 19:55
Updated : 2017-08-29 01:31
NVD link : CVE-2012-2105
Mitre link : CVE-2012-2105
CVE.ORG link : CVE-2012-2105
JSON object : View
Products Affected
peter_kovacs
- timesheet_next_gen
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')