SourceForge — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/sourceforge/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 15 May 2026 19:20:11 +0000PHP Timeclock 1.04 Unauthenticated SQL Injection Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-05-php-timeclock-sqli/Fri, 15 May 2026 19:20:11 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-php-timeclock-sqli/PHP Timeclock 1.04 is vulnerable to time-based and boolean-based blind SQL injection in the login_userid parameter of login.php, allowing unauthenticated attackers to extract sensitive database information by sending crafted POST requests with SQL payloads.PHP Timeclock 1.04 is susceptible to SQL injection vulnerabilities, specifically time-based and boolean-based blind SQL injection. The vulnerability resides in the login_userid parameter of the login.php script. Unauthenticated attackers can exploit this flaw by injecting malicious SQL code into the vulnerable parameter, enabling them to extract sensitive information from the database. This includes employee names and credentials, potentially leading to unauthorized access and data breaches. The attack involves crafting specific POST requests containing SQL payloads designed to leverage SLEEP functions or RLIKE conditional statements to infer database contents.

Attack Chain

  1. An unauthenticated attacker identifies the login form at login.php.
  2. The attacker crafts a malicious POST request targeting the login_userid parameter.
  3. The POST request contains a SQL payload designed to exploit the blind SQL injection vulnerability, using SLEEP functions (time-based) or RLIKE conditional statements (boolean-based).
  4. The server processes the SQL payload within the login_userid parameter.
  5. Based on the response time (time-based) or the boolean result (boolean-based), the attacker infers information about the database structure and contents.
  6. The attacker iteratively refines the SQL payloads to extract more data.
  7. Sensitive information, such as employee usernames and passwords, is extracted from the database.

Impact

Successful exploitation of this SQL injection vulnerability allows attackers to extract sensitive database information, including employee credentials and personal data. This can lead to unauthorized access to the system, data breaches, and potential compromise of employee accounts. The vulnerability affects PHP Timeclock 1.04, potentially impacting any organization using this software to manage employee time tracking. The CVSS v3.1 base score is 8.2, indicating a high severity.

Recommendation

  • Apply available patches or upgrade to a secure version of PHP Timeclock to remediate CVE-2021-47966.
  • Deploy the Sigma rule to detect SQL injection attempts against the login_userid parameter in login.php.
  • Monitor web server logs for suspicious POST requests containing SQL syntax, specifically SLEEP and RLIKE functions.
  • Implement input validation and sanitization on the login_userid parameter to prevent SQL injection attacks.
]]>highadvisorysqliweb-applicationphp