{"vulnerability": "CVE-2023-46245", "sightings": [{"uuid": "589a7cf4-b6b3-481e-98ce-f995422a0844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46245", "type": "seen", "source": "https://t.me/cibsecurity/73257", "content": "\u203c CVE-2023-46245 \u203c\n\nKimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T19:22:25.000000Z"}]}