6 matches found
CVE-2025-59920
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2025-59920 SQL injection in time@work from systems@work
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2025-59920
CVE-2025-59920 affects time@work v7.0.5: when hours are entered, a query to display a user’s assigned projects can be exposed. Copying the query URL and opening it in a new browser window makes the ‘IDClient’ parameter vulnerable to blind authenticated SQL injection. If the attacker uses a TWAdmi...
CVE-2025-59920 SQL injection in time@work from systems@work
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
PT-2026-20389
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
Sql injection
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the 1 idcat or 2 idclient parameter to backend/main.php...