Vulnerability Details CVE-2006-4705
SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
- http://secunia.com/advisories/21831
- http://securityreason.com/securityalert/1542
- http://www.securityfocus.com/archive/1/445603/100/0/threaded
- http://www.securityfocus.com/bid/19856
- http://www.vupen.com/english/advisories/2006/3547
- http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
- http://secunia.com/advisories/21831
- http://securityreason.com/securityalert/1542
- http://www.securityfocus.com/archive/1/445603/100/0/threaded
- http://www.securityfocus.com/bid/19856
- http://www.vupen.com/english/advisories/2006/3547
Products affected by CVE-2006-4705
-
cpe:2.3:a:dominic_gamble:timesheet.php:1.2.1