← Back

Iwcnetwork

iwcnetwork

8 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Biometric Shift Employee Management System
biometric_shift_employee_management_system
7 CVEs
Shift
shift
1 CVE

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-17995
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
CVE-2017-17994
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
CVE-2017-17993
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
CVE-2017-17992
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
CVE-2017-17991
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
CVE-2017-17990
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
CVE-2017-17989
1Iwcnetwork
1Biometric Shift Employee Management System
May 13, 2026
Dec 30, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
CVE-2017-17876
1Iwcnetwork
1Shift
May 13, 2026
Dec 27, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.