EPSS Percentile: 31.1%
kevinpapst/kimai2 is vulnerable to cross-site request forgery (CSRF). An attacker can add admin users to duplicate teams through the duplicateAction function in ProjectController.php.
github.com/kevinpapst/kimai2/commit/b28e9c120c87222e21a238f1b03a609d6a5d506e
github.com/kevinpapst/kimai2/pull/2942
huntr.dev/bounties/0567048a-118c-42ec-9f94-b55533017406