4 matches found
CVE-2023-46245
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI), which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...
CVE-2023-46245
creationtimestamp | type | source
---|---|---
2023-10-31 19:22:25+00:00 | seen | https://t.me/cibsecurity/73257...
CVE-2023-46245 Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI), which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...
CVE-2023-46245
Kimai 2.x prior to 2.1.0 is vulnerable to Server-Side Template Injection (SSTI) via uploaded Twig templates, which can be escalated to Remote Code Execution (RCE) when rendering PDFs/HTML invoices. Proof-of-concept payloads upload a Twig file and trigger rendering to execute arbitrary commands on...