{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:29:00.298","vulnerabilities":[{"cve":{"id":"CVE-2013-10033","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-07-31T15:15:32.773","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3."},{"lang":"es","value":"Existe una vulnerabilidad de inyección SQL no autenticada en la versión 0.9.2.x de Kimai a través del endpoint db_restore.php. Esta falla permite a los atacantes inyectar consultas SQL arbitrarias en el parámetro POST «dates[]», lo que permite la escritura de archivos mediante INTO OUTFILE en condiciones específicas. Esto puede provocar la ejecución remota de código mediante la escritura de un payload PHP en el directorio temporal accesible desde la web. La vulnerabilidad se ha confirmado en versiones como 0.9.2.beta, 0.9.2.1294.beta y 0.9.2.1306-3."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/kimai_sqli.rb","source":"disclosure@vulncheck.com"},{"url":"https://vulners.com/metasploit/MSF:EXPLOIT-UNIX-WEBAPP-KIMAI_SQLI-","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/25606","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/30010","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/kimai-sqli","source":"disclosure@vulncheck.com"}]}}]}