CVE-2024-22988

Опубликовано: 23 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.

Ссылки

https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47
Third Party Advisory
https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies
Third Party Advisory
https://www.zkteco.com/en/Security_Bulletinsibs/12
https://zkteco.com
Product
https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47
Third Party Advisory
https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies
Third Party Advisory
https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies
Third Party Advisory
https://zkteco.com
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zkteco:zkbio_wdms:8.0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00113

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-8rj6-cwhf-4c77