Summary
The host is installed with kimai and is prone to security bypass vulnerability
Impact
Successful exploitation will allow remote attackers to conduct certain backup and restore operations.
Impact Level: Application
Solution
Upgrade to Kimai version 0.9.3 or latest. For updates refer to http://www.kimai.org/
Insight
The flaw is due to an improper restricting access to 'db_restore.php' script
Affected
Kimai version 0.9.2.1306 and prior.
Detection
Send a crafted exploit string via HTTP POST request and check whether it is possible to bypass security restrictions.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- 'research_display.php' SQL Injection Vulnerability
- aflog Cookie-Based Authentication Bypass Vulnerability
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- Apache Archiva Multiple Remote Command Execution Vulnerabilities