#16 SQL Injection and Cross Site Scripting

[Tyler Butler]

PHP Timeclock versions 1.04 and prior suffer from serious security vulnerabilities including SQL injection and Cross Site Scripting. This goes without saying but do not use this product anymore in 2021. You can read more about the vulnerabilities here https://github.com/tcbutler320/PHP-Timeclock-1.04-XSS-SQLI or on exploit-db here https://www.exploit-db.com/exploits/49849.