Sql injection

2020-07-1521:15:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.3%

JSON

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet’s SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

CPENameOperatorVersion
web_time_and_attendancege3.8
web_time_and_attendancelt4.0

CPE	Name	Operator	Version
	web_time_and_attendance	ge	3.8
	web_time_and_attendance	lt	4.0

References

www.mindpointgroup.com/articles/

www.mindpointgroup.com/blog/webta-sqli-vulnerability/