CVE-2013-10033
Published 2025-07-31
Priority P2 · 69 · critical 9.3 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.21% (64.6th percentile)
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kimai_project | kimai | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST requests to db_restore.php, especially those containing SQL metacharacters or INTO OUTFILE syntax in the dates[] parameter.
- Alert on SQL injection patterns (e.g., INTO OUTFILE) in POST body parameters targeting Kimai's db_restore.php endpoint, which requires no authentication.
- Watch for new PHP files written to the Kimai 'temporary' web-accessible directory, which may indicate successful exploitation and PHP payload drop.
- Exploitation via INTO OUTFILE for RCE is only possible when the PHP configuration has 'display_errors' enabled.
- The file-write RCE vector requires Kimai to be configured with a MySQL database running on localhost.
- Successful payload write requires the MySQL user to have filesystem write permissions to the Kimai temporary directory.
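The three detection bullets above can be turned into a small triage routine. The following is an added example, not code from the record or from the Kimai project: it classifies request records of the kind a WAF audit log or an application request hook would provide (method, path, url-encoded body), escalating from "any POST to db_restore.php" to "SQL metacharacters in dates[]" to "INTO OUTFILE in dates[]", and separately flags PHP files that appear under the Kimai temporary directory. The request records, file paths and the temporary-directory location `/var/www/kimai/temporary` are constructed assumptions for the demo; the DUMPFILE keyword is a sibling of OUTFILE that the record does not mention and is added here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# INTO OUTFILE is the pattern named in the record; DUMPFILE is MySQL's sibling
# file-write keyword and is added here. \s+ covers runs of spaces/tabs, but a
# comment used as whitespace (INTO/**/OUTFILE) would only trip METACHARS below.
OUTFILE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\b", re.IGNORECASE)
# Quote, comment and statement-terminator characters that do not belong in a
# date value submitted to the restore form.
METACHARS = re.compile(r"['\";#]|--|/\*")

# Constructed request records (not real traffic). parse_qs decodes both keys
# and values, so 'dates%5B%5D' is seen as 'dates[]' just like the plain form.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/kimai/db_restore.php",
     "body": "dates[]=20130501&dates[]=20130502"},
    {"method": "POST", "path": "/kimai/db_restore.php",
     "body": "dates[]=1%27+INTO+OUTFILE+%27/tmp/x%27"},
    {"method": "POST", "path": "/kimai/db_restore.php",
     "body": "dates%5B%5D=1%27+or+1%3D1--"},
    {"method": "GET", "path": "/kimai/index.php", "body": ""},
    {"method": "POST", "path": "/kimai/db_restore.php", "body": "submit=1"},
]

# Constructed directory listing for the file-drop check.
SAMPLE_FILES = [
    "/var/www/kimai/temporary/x.php",
    "/var/www/kimai/temporary/backup.sql",
    "/var/www/kimai/index.php",
]


def inspect_request(req):
    """Classify one request record; returns None when it is not of interest."""
    path = urlsplit(req["path"]).path.lower()
    if req["method"].upper() != "POST" or not path.endswith("/db_restore.php"):
        return None
    # The endpoint needs no authentication, so every POST to it is worth a
    # low-severity record on its own (bullet 1 of the IOC list).
    severity = "low"
    reasons = ["POST to unauthenticated db_restore.php endpoint"]
    values = parse_qs(req.get("body", ""), keep_blank_values=True).get("dates[]", [])
    for value in values:
        if OUTFILE.search(value):
            severity = "high"
            reasons.append(f"INTO OUTFILE/DUMPFILE in dates[]: {value!r}")
        elif METACHARS.search(value):
            if severity == "low":
                severity = "medium"
            reasons.append(f"SQL metacharacter in dates[]: {value!r}")
    return {"severity": severity, "reasons": reasons}


def scan_requests(requests):
    """Run inspect_request over a batch and keep only the hits, in input order."""
    return [r for r in (inspect_request(req) for req in requests) if r is not None]


def php_files_in_temp_dir(paths, temp_dir="/var/www/kimai/temporary"):
    """Return PHP files located under the Kimai temporary directory.

    temp_dir is an assumed install location; a web-accessible 'temporary'
    directory containing PHP is the post-exploitation indicator named above.
    """
    prefix = temp_dir.rstrip("/") + "/"
    return [p for p in paths
            if p.startswith(prefix) and p.lower().endswith((".php", ".phtml"))]


if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(hit["severity"].upper(), "; ".join(hit["reasons"]))
    for dropped in php_files_in_temp_dir(SAMPLE_FILES):
        print("FILE-DROP", dropped)
```

The request-side checks only see what the logging layer captures; a plain access log records the path but not the POST body, so the dates[] inspection needs a WAF audit log or an in-application hook. The file-drop check is the more reliable signal when bodies are unavailable, and it is independent of the request path.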
No detection rules found.
No writeups or analysis indexed.
References:
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/kimai_sqli.rb
- https://vulners.com/metasploit/MSF:EXPLOIT-UNIX-WEBAPP-KIMAI_SQLI-
- https://www.exploit-db.com/exploits/25606
- https://www.exploit-db.com/exploits/30010
- https://www.vulncheck.com/advisories/kimai-sqli