MidnightBSD

Advisories for iwcnetwork

CVE-2017-17876 MEDIUM

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,

Products Affected

Vendor Product Version
iwcnetwork shift 3.0
CVE-2017-17989 LOW

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0
CVE-2017-17990 MEDIUM

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0
CVE-2017-17991 LOW

Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0
CVE-2017-17992 MEDIUM

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0
CVE-2017-17993 LOW

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0
CVE-2017-17994 LOW

Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0
CVE-2017-17995 LOW

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iwcnetwork biometric_shift_employee_management_system 4.0