exploitDog

CVE-2022-40472

Опубликовано: 29 сент. 2022

Источник: nvd

CVSS3: 8

EPSS Низкий

Описание

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.

Ссылки

https://the-it-wonders.blogspot.com/2022/09/zkbio-time-csv-injection.html
Exploit
Third Party Advisory
https://the-it-wonders.blogspot.com/2022/09/zkbio-time-csv-injection.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zktec:zkbio_time:8.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00684

Низкий

8 High

CVSS3

Дефекты

CWE-1236

CWE-1236

Связанные уязвимости

GHSA-3ffv-92c7-qq64

CVSS3: 8

github

больше 3 лет назад

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.

EPSS

Процентиль: 71%

0.00684

Низкий

8 High

CVSS3

Дефекты

CWE-1236

CWE-1236