NesterSoft WorkTime Broken Access Control Vulnerability Allowing Database Configuration Reset

Vulnerability

A vulnerability exists in NesterSoft WorkTime on-premises versions through 11.8.8 that allows an unauthenticated attacker who can reach the WorkTime server to reset the application's database configuration with a single crafted HTTP request. The endpoint that performs the reset does not verify that the caller is authenticated or authorized before applying the change, so anyone with network access to the server can manipulate the application's database settings.

Impact

Exploitation resets the application's database configuration, disconnecting WorkTime from its database and producing a denial-of-service condition: normal operation is disrupted until the configuration is restored. Because the request requires no credentials, the reset can be repeated at will.

Reproduction

To reproduce this vulnerability, send an HTTP request, carrying no session cookie or authentication token, to the WorkTime server endpoint that resets the database configuration (the endpoint is not named here). The request can be crafted with a tool such as curl or Postman. A success response followed by the application losing its database settings confirms the issue; since the reset is destructive, test only against an instance you own.
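The bug class behind this advisory (a state-changing administrative endpoint with no authentication or authorization check) and the reproduction check described above, as an added example written for this page. This is not NesterSoft WorkTime's code and the real endpoint is not known from this advisory: the path `/api/admin/database/reset`, the bearer-token session model and the configuration keys are assumptions. The vulnerable dispatcher is shown beside a hardened one, and `probe_unauthenticated_reset` performs the same check a tester would do with curl, reporting whether an uncredentialed request changed the configuration.

```python
# Illustrative example for this advisory, not WorkTime's code. The endpoint
# path, session model and configuration keys below are assumptions.
from __future__ import annotations

from dataclasses import dataclass, field
import secrets

RESET_PATH = "/api/admin/database/reset"  # assumed path, not WorkTime's real endpoint
DEFAULT_DB_CONFIG = {"host": "", "port": 0, "database": "", "user": ""}


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Server:
    """Minimal in-memory stand-in for an application server (constructed for this example)."""
    sessions: dict = field(default_factory=dict)  # bearer token -> role
    db_config: dict = field(default_factory=lambda: {
        "host": "db.internal", "port": 5432, "database": "worktime", "user": "wt"})

    def login(self, role: str) -> str:
        """Issue a session token for a user holding the given role."""
        token = secrets.token_hex(16)
        self.sessions[token] = role
        return token

    def _reset_db_config(self) -> tuple[int, str]:
        """The privileged operation: wipe the stored database settings."""
        self.db_config = dict(DEFAULT_DB_CONFIG)
        return 200, "database configuration reset"

    def handle_vulnerable(self, req: Request) -> tuple[int, str]:
        """Vulnerable dispatch: routes straight to the reset with no check of
        who is calling, or even of the HTTP method."""
        if req.path == RESET_PATH:
            return self._reset_db_config()
        return 404, "not found"

    def handle_fixed(self, req: Request) -> tuple[int, str]:
        """Hardened dispatch: check method, then authentication, then authorization,
        and only then perform the state change."""
        if req.path != RESET_PATH:
            return 404, "not found"
        if req.method != "POST":
            return 405, "method not allowed"
        auth = req.headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        role = self.sessions.get(token)
        if role is None:
            return 401, "authentication required"
        if role != "admin":
            return 403, "administrator role required"
        return self._reset_db_config()


def probe_unauthenticated_reset(server: Server, handler_name: str) -> bool:
    """Reproduction check: send the reset request with no credentials and
    report whether the server accepted it and actually changed the
    configuration. True means the handler is vulnerable."""
    handler = getattr(server, handler_name)
    before = dict(server.db_config)
    status, _ = handler(Request("POST", RESET_PATH))
    return status == 200 and server.db_config != before


if __name__ == "__main__":
    print("vulnerable handler accepts anonymous reset:",
          probe_unauthenticated_reset(Server(), "handle_vulnerable"))
    print("fixed handler accepts anonymous reset:",
          probe_unauthenticated_reset(Server(), "handle_fixed"))
```

The hardened handler checks in a fixed order: method, then identity (401 when no valid session), then privilege (403 when the session is not an administrator's), and it performs the reset only after all three pass. The probe compares the configuration before and after the request rather than trusting the status code alone, so a handler that returns 200 without doing anything is not misreported as vulnerable.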

Added: Feb 19, 2026, 7:03 PM
Updated: Feb 19, 2026, 7:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.