CRITICAL
Cyclope-Series
CVE published 2025-08-08
CVE-2012-10047
Cyclope Employee Surveillance Solution 6.x contains a critical SQL injection vulnerability in its authentication mechanism. The username parameter in the auth-login POST request lacks proper input sanitization, enabling attackers to inject arbitrary SQL statements. This vulnerability can be chained to write and execute a malicious PHP file on the target system, resulting in remote code execution with SYST [truncated]