An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request formReferenceshttp://timetrax.comhttps://github.com/morphine009/CVE-2025-46157