Description
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-38950
- https://claroty.com/team82/disclosure-dashboard/cve-2023-38950
- https://sploitus.com/exploit?id=PACKETSTORM:177859
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38950
- https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf
- http://zkteco.com
Related vulnerabilities
CVSS3: 7.5
nvd
more than 2 years ago
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
CVSS3: 8.1
fstec
more than 2 years ago
A vulnerability in the iclock interface of the BioTime web-based time and attendance management platform that allows an attacker to gain read access to arbitrary files