eTimeTrackLite Web Permission Control Flaw Allowing Unauthorized Database Configuration Modifications

Vulnerability

A permission control vulnerability has been identified in eTimeTrackLite Web versions through 12.0 (20250704). This flaw allows unauthorized attackers to access specific routes and alter database connection settings. The vulnerability could be exploited remotely, potentially bypassing the application's login process.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in database connection configurations, allowing attackers to manipulate how the application interacts with its database.

Reproduction

To reproduce this vulnerability, access the '/admin/DBSettings.aspx' route without proper authorization. Once on the page, unauthorized changes can be made to the database connection settings, which will be applied without any verification or authentication.
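A log check a defender can run for the access described above, as an added example that is not part of the original advisory: it scans IIS W3C logs for requests to '/admin/DBSettings.aspx' that were served (2xx) without a logged-in user or from outside the admin network. The log excerpt and the 10.0.5.0/24 admin range are constructed, and the example assumes the site logs in W3C format with cs-username filled in for authenticated users.

```python
import ipaddress

ROUTE = "/admin/dbsettings.aspx"  # route from the advisory, lowercased for matching
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumption: where admins connect from

# Constructed IIS W3C log excerpt (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2025-10-27 09:12:01 GET / - 203.0.113.7 200
2025-10-27 09:12:09 GET /admin/DBSettings.aspx - 203.0.113.7 200
2025-10-27 09:12:40 POST /admin/DBSettings.aspx - 203.0.113.7 200
2025-10-27 09:30:12 GET /admin/DBSettings.aspx - 198.51.100.9 302
2025-10-27 10:02:55 POST /Admin/dbsettings.aspx admin 10.0.5.20 200
2025-10-27 11:47:03 GET /admin/DBSettings.aspx admin 192.0.2.44 200
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):
                yield dict(zip(fields, parts))

def suspicious_hits(text):
    """Requests to the settings page that were served (2xx) without a logged-in
    user, or from outside the admin networks. POSTs are marked as writes."""
    hits = []
    for r in parse_w3c(text):
        if r.get("cs-uri-stem", "").lower() != ROUTE:
            continue
        if not r.get("sc-status", "").startswith("2"):
            continue  # non-2xx (redirect to login, 401/403): page was not served
        anonymous = r.get("cs-username", "-") == "-"
        try:
            ip = ipaddress.ip_address(r["c-ip"])
            outside = not any(ip in net for net in ADMIN_NETS)
        except (KeyError, ValueError):
            outside = True  # unparseable source: treat as untrusted
        if anonymous or outside:
            hits.append({"time": f"{r.get('date')} {r.get('time')}", "ip": r.get("c-ip"),
                         "anonymous": anonymous, "outside": outside,
                         "write": r.get("cs-method") == "POST"})
    return hits

if __name__ == "__main__":
    for h in suspicious_hits(SAMPLE_LOG):
        print(h)
```

A hit with "write" set marks a POST to the settings page, which is the request to compare against the database connection settings currently in effect.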

Added: Oct 27, 2025, 2:45 PM
Updated: Oct 27, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.