Kimai has an XXE Leading to Local File Read

Summary Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

PT-2024-40087 · Unknown +1 · Phpspreadsheet +1

Name of the Vulnerable Software and Affected Versions: Kimai versions affected versions not specified PHPSpreadsheet versions affected versions not specified Description: The issue is related to an XXE vulnerability in PHPSpreadsheet, which is used by Kimai for importing and exporting invoices...