Times Software E-Payroll Denial-of-Service and Potential SQL Injection Vulnerability

Vulnerability

A vulnerability in Times Software E-Payroll has been identified, where a POST parameter used during the login process is not properly sanitized. This flaw allows an unauthenticated attacker to conduct denial-of-service attacks. While SQL injection may also be possible, creating a functional exploit has been hindered by likely backend filtering. Additionally, attempts at command injection result in detailed error messages that reveal information about the internal infrastructure.

Impact

Exploitation of this vulnerability can lead to denial-of-service conditions. According to CERT Polska, the vulnerability also allows for command injection, with the application disclosing internal infrastructure details through error messages.
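The three symptoms described above (unbounded work from an unsanitized login parameter, possible SQL injection, and verbose error messages) map to three controls in a login handler. The sketch below is an added example, not code from Times Software or from the advisory. The field names `username` and `password`, the table schema, the length limits and the use of an in-memory SQLite database as a stand-in for the real backend are all assumptions.

```python
import hashlib
import hmac
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("login")
# Assumed policy: short value, fixed alphabet. Rejecting early bounds the
# work an unauthenticated request can trigger.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")
GENERIC_FAILURE = "Invalid username or password."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed in-memory user table standing in for the real backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = b"constructed-salt"
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _hash("correct horse", salt)))
    return db

def login(db, form):
    """Return (http_status, body). `form` is the parsed POST body (a dict)."""
    user, password = form.get("username"), form.get("password")
    if not (isinstance(user, str) and isinstance(password, str)
            and USERNAME_RE.fullmatch(user) and 0 < len(password) <= 128):
        return 400, GENERIC_FAILURE
    try:
        # Bound parameter: the value is never concatenated into SQL text.
        row = db.execute("SELECT salt, pw FROM users WHERE name = ?",
                         (user,)).fetchone()
    except sqlite3.Error:
        # Details stay in the server log; the client gets only an opaque id.
        ref = uuid.uuid4().hex
        log.exception("login backend error ref=%s", ref)
        return 500, f"Internal error (ref {ref})."
    # Hash even for unknown users so both failure paths do similar work.
    salt, stored = row or (b"\0" * 16, b"")
    ok = hmac.compare_digest(stored, _hash(password, salt))
    return (200, "OK") if row and ok else (401, GENERIC_FAILURE)
```

The 500 response carries only a reference id that an operator can match against the server log, so backend error text never reaches an unauthenticated client.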

Added: Nov 18, 2025, 4:29 PM
Updated: Nov 18, 2025, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 1.1
threat: 0.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.