2026-01-29 14:28:28
VulnCheck
PUBLISHED
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the notes parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.