Summary
The host is installed with Kimai and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to perform certain database backup and restore operations.
Impact Level: Application
Solution
Upgrade to Kimai version 0.9.3 or later. For updates refer to http://www.kimai.org/
Insight
The flaw is due to improper access restriction on the 'db_restore.php' script.
Affected
Kimai version 0.9.2.1306 and prior.
Detection
Send a crafted exploit string via an HTTP POST request and check whether it is possible to bypass the security restrictions.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ApPHP MicroBlog Remote Code Execution Vulnerability
- ASUS RT56U Router Multiple Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability