A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
References
Link | Resource |
---|---|
https://www.mindpointgroup.com/articles/ | Third Party Advisory |
https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/ | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-07-15 21:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-14982
Mitre link : CVE-2020-14982
CVE.ORG link : CVE-2020-14982
JSON object : View
Products Affected
kronos
- web_time_and_attendance
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')