cpe:/a:irola:my-time:3.5 CVE-2007-6217 2007-12-04T10:46:00.000-05:00 2017-09-28T21:29:51.143-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-12-04T13:41:00.000-05:00 BUGTRAQ 20071123 Aria-Security.net: Irola My-Time v3.5 SQL Injection BID 26548 SECUNIA 27798 SREASON 3414 OSVDB 38813 EXPLOIT-DB 4649 VUPEN ADV-2007-3996 MISC http://aria-security.net/forum/showthread.php?p=1106 Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.