exploitDog

GHSA-2cwj-97vw-wc3w

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8

Описание

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

Ссылки

EPSS

Процентиль: 37%

0.00156

Низкий

8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2017-13129

CVSS3: 8

nvd

больше 8 лет назад

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

EPSS

Процентиль: 37%

0.00156

Низкий

8 High

CVSS3

CVE ID

Дефекты

CWE-352