6 matches found
CVE-2025-59920
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2025-59920
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2025-59920
CVE-2025-59920 affects time@work v7.0.5: when hours are entered, a query to display a user’s assigned projects can be exposed. Copying the query URL and opening it in a new browser window makes the ‘IDClient’ parameter vulnerable to blind authenticated SQL injection. If the attacker uses a TWAdmi...
CVE-2025-59920 SQL injection in time@work from systems@work
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2025-59920 SQL injection in time@work from systems@work
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
systems@work time@work SQL注入漏洞
systems@work time@work is a service automation and working hours management system of the Czech company systems@work. Version 7.0.5 of systems@work time@work has a SQL injection vulnerability. This vulnerability arises from the IDClient parameter, which is vulnerable to authenticated brute-force...