5 matches found
EUVD-2013-7255
Malware in sbrugna...
CVE-2013-10033
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...
CVE-2013-10033
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...
CVE-2013-10033
Kimai 0.9.2.x is affected by an unauthenticated SQL injection via db_restore.php (dates[]), allowing arbitrary SQL and file write via INTO OUTFILE under certain environmental conditions. This can enable remote code execution by writing a PHP payload to the web-accessible temp directory. Affected ...
CVE-2013-10033 Kimai 0.9.2 db_restore.php SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...