Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking
Vulnerability Description
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1275
Vulnerability Title
kimai 安全漏洞
Vulnerability Description
kimai是kimai个人开发者的一个基于网络的多用户时间跟踪应用程序。 kimai 1.30.10版本存在安全漏洞,该漏洞源于SameSite cookie实现不当,可能导致会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A