6 matches found

Snyk
added 2026/05/05 8:53 p.m., 6 views

CSV Injection

Overview: Affected versions of this package are vulnerable to CSV Injection via the XLSX export process. An attacker can execute arbitrary formulas on the system of a user who opens the exported file by creating a tag with a formula string as its name and assigning it to a timesheet, which is then...

6.8 CVSS, 6.1 AI score, 0.00039 EPSS
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-7255

Malware in sbrugna...

9.3 CVSS, 6.4 AI score, 0.69554 EPSS
Exploits 0, References 6

RedhatCVE
added 2025/08/02 8:22 p.m., 3 views

CVE-2013-10033

An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...

9.3 CVSS, 8.3 AI score, 0.69554 EPSS
Exploits 0, References 1

NVD
added 2025/07/31 3:15 p.m., 3 views

CVE-2013-10033

An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...

9.3 CVSS, 0.69554 EPSS
Exploits 0, References 5

CVE
added 2025/07/31 2:56 p.m., 15 views

CVE-2013-10033

Kimai 0.9.2.x is affected by an unauthenticated SQL injection via db_restore.php (dates[]), allowing arbitrary SQL and file write via INTO OUTFILE under certain environmental conditions. This can enable remote code execution by writing a PHP payload to the web-accessible temp directory. Affected ...

9.3 CVSS, 8.3 AI score, 0.69554 EPSS
Exploits 0, References 5

Vulnrichment
added 2025/07/31 2:56 p.m., 3 views

CVE-2013-10033 Kimai 0.9.2 db_restore.php SQL Injection

An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...

9.3 CVSS, 8.2 AI score, 0.69554 EPSS
Exploits 0, References 5