Vulnerabilities > CVE-2006-4705 - SQL Injection vulnerability in Dominic Gamble Timesheet.PHP 1.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
- http://secunia.com/advisories/21831
- http://securityreason.com/securityalert/1542
- http://www.securityfocus.com/archive/1/445603/100/0/threaded
- http://www.securityfocus.com/bid/19856
- http://www.vupen.com/english/advisories/2006/3547