EfroTech Timetrax v8.3 - Sql Injection

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. id: CVE-2024-39250 info: name: EfroTech Timetrax v8.3 - Sql Injection author: s4e-io,efran severity: high description: | EfroTech Timetrax v8.3 was...

CVE-2024-39250

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...

EUVD-2025-18626

Malicious code in bioql PyPI...

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

PT-2025-26162 · Efrotech · Efrotech Timetrax

Name of the Vulnerable Software and Affected Versions: EfroTech Time Trax version 1.0 Description: An issue in EfroTech Time Trax allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form. This issue is related to the CWE-434 Unrestricted Upload...

EfroTech Time Trax 安全漏洞

EfroTech Time Trax is a human resources and business operations management system from EfroTech Pakistan. A security vulnerability exists in EfroTech Time Trax v1.0, which stems from an unrestricted file attachment feature that could lead to the execution of arbitrary code...

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

CVE-2025-46157

CVE-2025-46157 affects EfroTech Time Trax v1.0, specifically the Leave Request form in the Attendance module. The issue is an unrestricted file upload/weak server-side validation that enables remote code execution (RCE) by uploading a crafted file (e.g., changing a .txt to .asp). The CVSS v3.1 ba...

CVE-2024-39250

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...

CVE-2024-39250

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...

CVE-2024-39250

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...

CVE-2024-39250

EfroTech Timetrax v8.3 is affected by an unauthenticated SQL injection via the q parameter in the search web interface. The issue, detailed in the CVE-2024-39250/Nuclei template, allows unauthenticated attackers to perform SQL injection against the Timetrax database. The vulnerability is associat...

EfroTech Timetrax 安全漏洞

EfroTech Timetrax is a human resource management program from EfroTech. A security vulnerability exists in EfroTech Timetrax version 8.3, which stems from an unauthenticated SQL injection vulnerability in the q parameter in the search web interface...

CVE-2024-39250

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...

PT-2024-28411 · Efrotech · Efrotech Timetrax

Name of the Vulnerable Software and Affected Versions: EfroTech Timetrax version 8.3 Description: The issue is related to an unauthenticated SQL injection vulnerability. This vulnerability can be exploited via the q parameter in the search web interface. Recommendations: For EfroTech Timetrax...

Exploit for SQL Injection in Efrotech Timetrax

CVE-2024-39250 PoC nuclei template Efrotech's http://ww...