SQL Injection in Kimai Project

CVE-2013-10033

An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE…

Vulnerability class: SQL Injection

EPSS: 0.666 (98.6th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2013-10033?

CVE-2013-10033 is a vulnerability in Kimai Project, classified under SQL Injection. Published 2025-07-31.

Is CVE-2013-10033 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.