
CVE-2021-43515 PoC — Kimai Security Vulnerability

Associated Vulnerability
Title: Kimai Security Vulnerability (CVE-2021-43515)
Description: CSV Injection (also known as Excel Macro Injection or Formula Injection) exists when creating a new timesheet in Kimai. By filling the Description field with a malicious payload, the value is mishandled when the timesheet is exported to a CSV file.
Readme
# CVE-2021-43515 - Kimai 2 < v1.14 CSV Injection

Kimai is a free, open source, online time-tracking application designed for small businesses and freelancers. Like any other collaboration tool, it lets users export data in several formats: CSV, PDF, and HTML. However, it did not properly sanitize user input before export, which left room for injection.

CSV Injection, also known as Formula Injection, occurs when a website embeds untrusted input inside a CSV file. On the dashboard page, after a successful login, an attacker can set certain values in the **Description** field that, when exported and opened with a spreadsheet application (Microsoft Excel, OpenOffice, etc.), are interpreted as a formula. This puts the users and administrators who open those exported files at risk: exfiltration of sensitive data or even the **execution of arbitrary code** on the victim's local machine can result. The final impact depends on the spreadsheet software used on the victim's client.
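As an added, defender-side illustration that is not part of the original PoC or of Kimai's own code: a small Python export routine that neutralizes formula-triggering cells before writing CSV, plus a check that detects such cells in already-exported data. The names `FORMULA_TRIGGERS`, `export_timesheet_csv` and `SAMPLE_ROWS` are assumptions of this example, and the sample timesheet rows are constructed.

```python
import csv
import io

# Leading characters that spreadsheet applications (Excel, LibreOffice, ...) may treat
# as the start of a formula rather than as literal text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a cell value would be interpreted as a formula when opened in a spreadsheet."""
    return bool(value) and value[0] in FORMULA_TRIGGERS


def neutralize_cell(value: str) -> str:
    """Force text interpretation of a cell that starts with a formula trigger."""
    # A leading single quote tells the spreadsheet to treat the cell as text; the csv
    # module adds the double-quote wrapping and doubling when QUOTE_ALL is used.
    if is_formula_like(value):
        return "'" + value
    return value


def export_timesheet_csv(rows, header=("Date", "User", "Description")) -> str:
    """Write timesheet rows to CSV text, neutralizing every user-controlled cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(str(cell)) for cell in row])
    return buf.getvalue()


def find_formula_like_cells(rows):
    """Detection: (row, column) indices of cells a spreadsheet would treat as formulas."""
    return [(r, c) for r, row in enumerate(rows)
            for c, cell in enumerate(row) if is_formula_like(str(cell))]


def csv_is_formula_free(text: str) -> bool:
    """Parse exported CSV back and confirm no cell still starts with a trigger."""
    return not find_formula_like_cells(list(csv.reader(io.StringIO(text))))


# Constructed sample timesheet entries (not real Kimai data); the descriptions mimic
# the advisory's input: free text that starts with a formula trigger character.
SAMPLE_ROWS = [
    ("2021-11-01", "alice", "Sprint planning"),
    ("2021-11-02", "mallory", "=1+1"),
    ("2021-11-03", "mallory", "@SUM(1,2)"),
    ("2021-11-04", "bob", "-2 hours, client call"),
]
```

Running `find_formula_like_cells` over rows pulled from an existing export is a cheap way to audit whether an older, unpatched instance already produced risky files.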

## PoC

![image](https://user-images.githubusercontent.com/32583633/164052927-be89f061-6c42-4880-b1c0-7b23576c680f.png)

![image](https://user-images.githubusercontent.com/32583633/164053238-ea3173ba-4721-4a00-8413-b4a3fb40c6dd.png)

This was responsibly disclosed to the relevant stakeholders, and the vulnerability was patched afterwards.