CNNVD-202507-3900 Information

CNNVD ID

CNNVD-202507-3900

Related CVE

CVE-2013-10033

• CNNVD Published: 2025-07-31

Description (Chinese)

kimai是kimai个人开发者的一个基于网络的多用户时间跟踪应用程序。 Kimai 0.9.2.x版本存在安全漏洞，该漏洞源于dates POST参数未经验证，可能导致SQL注入和远程代码执行。

Description (English)

kimai is a web-based multi-user time tracking application for kimai personal developers. There is a security loophole in Kimai version 0.9.2.x, which stems from unverified data POST parameters, which may result in SQL injection and remote code implementation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-07-31

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/kimai_sqli.rb https://vulners.com/metasploit/MSF:EXPLOIT-UNIX-WEBAPP-KIMAI_SQLI- https://www.exploit-db.com/exploits/25606 https://www.exploit-db.com/exploits/30010 https://www.vulncheck.com/advisories/kimai-sqli