5 matches found
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
CVE-2025-15560 : An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server “widget” API endpoint to inject SQL queries. If the backend uses Firebird , the attacker can retrieve all data from the database. If the backend uses MSSQL , the attacker can exe...
CVE-2025-15560 SQL Injection in NesterSoft WorkTime
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...