2 matches found
CVE-2010-1053
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters to a userlogin.php and b managerlogin.php. NOTE: some of these details are obtained...
CVE-2010-1053
CVE-2010-1053 affects Zen Time Tracking 2.2 and earlier. The vulnerability arises from multiple SQL injection flaws in login paths (userlogin.php and managerlogin.php) where the input parameters (username, password) can be exploited when magic_quotes_gpc is disabled. This allows remote attackers ...