What is GHSA-c527-x2v3-x59w?

GHSA-c527-x2v3-x59w is a security advisory published by GitHub Security Advisories with High severity. PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...

Which CVE IDs does GHSA-c527-x2v3-x59w cover?

GHSA-c527-x2v3-x59w covers the following CVE IDs: CVE-2021-47966. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-c527-x2v3-x59w?

GHSA-c527-x2v3-x59w has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-c527-x2v3-x59wHighCVSS 8.2

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2021-47966 →

📋 Description

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE conditional statements to dump sensitive database information including employee names and credentials.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2021-47966
https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04
https://www.exploit-db.com/exploits/49849
https://www.vulncheck.com/advisories/php-timeclock-sql-injection-via-login-php
http://timeclock.sourceforge.net
https://github.com/advisories/GHSA-c527-x2v3-x59w