CVE-2013-10033
Kimai 0.9.2 db_restore.php SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Kimai Project · Kimaipublic PoCs found — 4
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/kimai_sqli.rbunverifiedcve_referencevulners.com/metasploit/MSF:EXPLOIT-UNIX-WEBAPP-KIMAI_SQLI-unverifiedcve_referencewww.exploit-db.com/exploits/25606unverifiedcve_referencewww.exploit-db.com/exploits/30010unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/kimai_sqli.rbhttps://vulners.com/metasploit/MSF:EXPLOIT-UNIX-WEBAPP-KIMAI_SQLI-https://www.exploit-db.com/exploits/25606https://www.exploit-db.com/exploits/30010https://www.vulncheck.com/advisories/kimai-sqli