Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enterprise_payroll_systems | enterprise_payroll_systems | 1.01_alpha |
| enterprise_payroll_systems | enterprise_payroll_systems | 1.1 |
| enterprise_payroll_systems | enterprise_payroll_systems | 1.0_alpha |
PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enterprise_payroll_systems | enterprise_payroll_systems | 1.01_alpha |
| enterprise_payroll_systems | enterprise_payroll_systems | 1.1 |
| enterprise_payroll_systems | enterprise_payroll_systems | 1.0_alpha |