{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/sourceforge/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2021-47966"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PHP Timeclock"],"_cs_severities":["high"],"_cs_tags":["sqli","web-application","php"],"_cs_type":"advisory","_cs_vendors":["SourceForge"],"content_html":"\u003cp\u003ePHP Timeclock 1.04 is susceptible to SQL injection vulnerabilities, specifically time-based and boolean-based blind SQL injection. The vulnerability resides in the \u003ccode\u003elogin_userid\u003c/code\u003e parameter of the \u003ccode\u003elogin.php\u003c/code\u003e script. Unauthenticated attackers can exploit this flaw by injecting malicious SQL code into the vulnerable parameter, enabling them to extract sensitive information from the database. This includes employee names and credentials, potentially leading to unauthorized access and data breaches. 
The attack consists of POST requests whose \u003ccode\u003elogin_userid\u003c/code\u003e value carries a SQL payload in place of a username: a \u003ccode\u003eSLEEP()\u003c/code\u003e call whose delay reveals whether an injected condition held (time-based), or an \u003ccode\u003eRLIKE\u003c/code\u003e expression whose outcome changes the response the server returns (boolean-based). Either way the attacker learns one true/false answer per request and reconstructs database contents from many of them.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker locates the login form served by \u003ccode\u003elogin.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request in which the \u003ccode\u003elogin_userid\u003c/code\u003e field holds a SQL payload rather than a username.\u003c/li\u003e\n\u003cli\u003eFor time-based extraction the payload wraps a condition in \u003ccode\u003eSLEEP\u003c/code\u003e; for boolean-based extraction it uses an \u003ccode\u003eRLIKE\u003c/code\u003e expression whose truth value alters the page returned.\u003c/li\u003e\n\u003cli\u003eThe server embeds the unsanitized \u003ccode\u003elogin_userid\u003c/code\u003e value in its SQL query and executes it.\u003c/li\u003e\n\u003cli\u003eThe attacker measures the response delay (time-based) or compares the response content (boolean-based) to learn whether the injected condition was true.\u003c/li\u003e\n\u003cli\u003eRepeating the request with varied conditions, typically one character or bit at a time, the attacker reconstructs table names, columns and row values.\u003c/li\u003e\n\u003cli\u003eEmployee names and credentials are recovered from the database.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation lets an unauthenticated attacker read sensitive database contents, including employee credentials and personal data, which can lead to unauthorized access to the system, compromise of employee accounts and a data breach. The vulnerability affects PHP Timeclock 1.04 and therefore any organization using that version to manage employee time tracking. 
The CVSS v3.1 base score is 8.2 (high).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a fixed version of PHP Timeclock to remediate CVE-2021-47966; where no fixed release is available, restrict network access to \u003ccode\u003elogin.php\u003c/code\u003e to trusted sources.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect SQL injection attempts against the \u003ccode\u003elogin_userid\u003c/code\u003e parameter in \u003ccode\u003elogin.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003elogin.php\u003c/code\u003e whose body contains SQL syntax, in particular \u003ccode\u003eSLEEP\u003c/code\u003e and \u003ccode\u003eRLIKE\u003c/code\u003e. Default Apache and nginx access logs do not record POST bodies, so this needs a WAF or reverse proxy audit log that captures them; without body logging, a burst of POSTs to \u003ccode\u003elogin.php\u003c/code\u003e from one client with response times clustered around a fixed delay is the visible trace of time-based probing.\u003c/li\u003e\n\u003cli\u003eFix the root cause by passing \u003ccode\u003elogin_userid\u003c/code\u003e to the database only through parameterized queries (prepared statements). Input validation and sanitization of the parameter are defense in depth, not a substitute.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-15T19:20:11Z","date_published":"2026-05-15T19:20:11Z","id":"https://feed.craftedsignal.io/briefs/2026-05-php-timeclock-sqli/","summary":"PHP Timeclock 1.04 is vulnerable to time-based and boolean-based blind SQL injection in the login_userid parameter of login.php, allowing unauthenticated attackers to extract sensitive database information by sending crafted POST requests with SQL payloads.","title":"PHP Timeclock 1.04 Unauthenticated SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-php-timeclock-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — SourceForge","version":"https://jsonfeed.org/version/1.1"}
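The log-monitoring recommendation in the brief above, worked as an added example that is not part of the CraftedSignal feed, the Sigma rule it refers to, or PHP Timeclock itself: a Python scanner over a constructed request log that decodes each POST body sent to login.php and classifies the login_userid value as a time-based or boolean-based blind-SQLi probe. The single-line log format, the sample lines and the client addresses are assumptions made for this example (a proxy or WAF must be configured to log request bodies for anything like this to work); the SLEEP and RLIKE indicators come from the advisory, and BENCHMARK and REGEXP are added as the usual MySQL equivalents an attacker substitutes for them.

```python
"""Flag blind-SQLi probes against PHP Timeclock's login.php in request logs.

Added example, not the feed's Sigma rule or PHP Timeclock code. It assumes a
reverse proxy or WAF that writes one line per request in the constructed
format below, ending with the URL-encoded POST body; stock Apache/nginx
access logs omit the body and cannot be used unchanged.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote_plus

# Constructed sample log: client, method, path, status, bytes, body ("-" if none).
SAMPLE_LOG = """\
203.0.113.10 POST /login.php 200 1532 login_userid=jdoe&login_password=Winter2021
203.0.113.55 POST /login.php 200 1532 login_userid=a%27%20AND%20SLEEP%285%29--%20-&login_password=x
203.0.113.55 POST /login.php 200 1532 login_userid=a%27%20RLIKE%20%28SELECT%20%28CASE%20WHEN%20%281%3D1%29%20THEN%201%20ELSE%200x28%20END%29%29--%20-&login_password=x
203.0.113.55 POST /login.php 200 1532 login_userid=a%27/**/aNd/**/sLeEp(5)%23&login_password=x
203.0.113.77 GET /login.php 200 1532 -
203.0.113.77 POST /login.php 200 1532 login_userid=o%27neil&login_password=pw
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<bytes>\d+) (?P<body>\S*)$"
)

# Time-based indicators (SLEEP, BENCHMARK) and boolean-based ones (RLIKE, REGEXP).
TIME_BASED = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)
BOOLEAN_BASED = re.compile(r"\b(rlike|regexp)\b", re.I)


def normalize(value: str) -> str:
    """Undo common evasions: extra URL-encoding layers and /**/ used as whitespace."""
    v = unquote_plus(unquote_plus(value))
    return re.sub(r"/\*.*?\*/", " ", v)


def classify(login_userid: str) -> Optional[str]:
    """Return the injection technique indicated by a login_userid value, or None."""
    v = normalize(login_userid)
    if TIME_BASED.search(v):
        return "time-based"
    if BOOLEAN_BASED.search(v):
        return "boolean-based"
    return None


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per POST to login.php whose login_userid looks like a probe."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].endswith("/login.php"):
            continue
        # parse_qs splits on & and URL-decodes each value once; normalize() handles
        # the remaining layers an attacker may have stacked on top.
        params = parse_qs(m["body"], keep_blank_values=True)
        for raw in params.get("login_userid", []):
            kind = classify(raw)
            if kind:
                alerts.append({"ip": m["ip"], "technique": kind, "payload": normalize(raw)})
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a['ip']}  {a['technique']:<14} {a['payload']}")
```

Run the file directly to list the three probing requests in the sample log; the legitimate logins, including the apostrophe in `o'neil`, are left alone, which is why the check keys on the SQL functions rather than on quote characters. Adapt `LINE_RE` to the fields your proxy actually writes, and treat a hit on `login_userid` as a high-confidence signal rather than a whole-site SQLi rule, since the advisory scopes the flaw to that one parameter.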