Lucene search

4 matches found

RedhatCVE
added 2025/05/23 4:52 a.m., 4 views

CVE-2023-46245

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...

CVSS 7.2, AI score 7.7, EPSS 0.01466
Exploits: 1
Circl
added 2023/10/31 7:22 p.m., 6 views

CVE-2023-46245

creationtimestamp | type | source
---|---|---
2023-10-31 19:22:25+00:00 | seen | https://t.me/cibsecurity/73257...

CVSS 7.2, AI score 7, EPSS 0.01466
Exploits: 1, References: 1
Cvelist
added 2023/10/31 3:6 p.m., 25 views

CVE-2023-46245 Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...

CVSS 7.2, AI score 7.5, EPSS 0.01466
Exploits: 1, References: 2
CVE
added 2023/10/31 3:6 p.m., 94 views

CVE-2023-46245

Kimai 2.x prior to 2.1.0 is vulnerable to Server-Side Template Injection (SSTI) via uploaded Twig templates, which can be escalated to Remote Code Execution (RCE) when rendering PDFs/HTML invoices. Proof-of-concept payloads upload a Twig file and trigger rendering to execute arbitrary commands on...

CVSS 7.2, AI score 7.3, EPSS 0.01466
Exploits: 1, References: 2, Affected Software: 1