Description - Multiple Vulnerabilities in Time Tracking Software
Multiple Vulnerabilities found in Time Tracking Software script.
- Exploit: Available
- Solution: Not available - check TTS Software website
1. Unauthorized data modification is possible.
The script edituser.php does not check the name and password, which allows the data of any user to be modified.
2. Multiple SQL Injections
Most user-defined data isn't properly sanitized. This can be used to bypass authentication or to run any SQL query by injecting arbitrary SQL code.
3. Cross-Site Scripting
The UserName value in the Registration Form is not properly sanitized. This can be used to insert arbitrary HTML or JavaScript code.
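A hardened counterpart to the three issues above, as an added example that is not the product's code or part of the original advisory. The `users` table, the `editUser` and `h` function names and all sample values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's user table (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pwhash TEXT, email TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pwhash, email) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 'alice@example.test']);
$ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT), 'bob@example.test']);

// Hypothetical edit handler: changes a user's e-mail only if the caller proves they are that user.
function editUser(PDO $db, string $username, string $password, string $newEmail): bool
{
    // Parameterized lookup: the username is bound as data, never concatenated into SQL.
    $q = $db->prepare('SELECT id, pwhash FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);

    // The check the advisory reports as missing: verify name and password before any change.
    if ($row === false || !password_verify($password, $row['pwhash'])) {
        return false;
    }

    // The row to modify is the authenticated one, not an id taken from the request.
    $u = $db->prepare('UPDATE users SET email = ? WHERE id = ?');
    $u->execute([$newEmail, $row['id']]);
    return true;
}

// Encode a stored value for an HTML context so markup in a user name renders as text.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs, one per issue in the advisory.
var_dump(editUser($db, 'bob', 'wrong-pass', 'x@example.test')); // wrong password for bob
var_dump(editUser($db, "bob'", 'bob-pass', 'x@example.test'));  // user name containing a quote character
var_dump(editUser($db, 'bob', 'bob-pass', 'new@example.test')); // correct credentials
echo h('<b>name</b>'), PHP_EOL;                                 // user name containing HTML markup
```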


