CVE-2006-4705

2006-09-1216:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

References

secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html

secunia.com/advisories/21831

securityreason.com/securityalert/1542

www.securityfocus.com/archive/1/445603/100/0/threaded

www.securityfocus.com/bid/19856

www.vupen.com/english/advisories/2006/3547