Cross Site Request Forgery (CSRF)

kimai2 is vulnerable to cross-site request forgery attacks. The vulnerability exists in deleteLogfileAction function in DoctorController.php which allows a malicious attacker to perform unauthenticated deletions of existing log files performing unauthenticated actions...