The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite’s time and attendance system allows a perpetrator to execute arbitrary code.

The vulnerability of the txtID parameter in the xpcmdshell procedure of the BillQuick Web Suite payroll and accounting system is related to errors during the elimination of special elements in SQL queries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...