kimai2 is vulnerable to cross-site request forgery attacks. The vulnerability exists in deleteLogfileAction
function in DoctorController.php
which allows a malicious attacker to perform unauthenticated deletions of existing log files performing unauthenticated actions.