Lucene search
+L

CVE-2022-36634

🗓️ 07 Oct 2022 00:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 71 Views🌐 WEB

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to create admin users

Related
Detection
Refs
Paths
Social
ReporterTitlePublishedViews
Family
zdt
ZKSecurity BIO 3.0.5.0_R Privilege Escalation Vulnerability
3 Oct 202200:00
zdt
attackerkb
CVE-2022-36634
7 Oct 202220:15
attackerkb
circl
CVE-2022-36634
8 Oct 202200:17
circl
cnnvd
ZKTeco ZKBioSecurity 安全漏洞
1 Oct 202200:00
cnnvd
cnvd
ZKTeco ZKBioSecurity Access Control Error Vulnerability
11 Oct 202200:00
cnvd
cvelist
CVE-2022-36634
7 Oct 202200:00
cvelist
euvd
EUVD-2022-39337
3 Oct 202520:07
euvd
nvd
CVE-2022-36634
7 Oct 202220:15
nvd
osv
CVE-2022-36634
7 Oct 202220:15
osv
packetstorm
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
1 Oct 202200:00
packetstorm
Rows per page
NVD
Node
ParameterPositionPathDescriptionCWE
authUser.usernamerequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
authUser.loginPwdrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
repasswordrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
authUser.isActiverequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
authUser.isSuperuserrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
groupIdsrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
deptIdsrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
areaIdsrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
authUser.emailrequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
authUser.namerequest body/authUserAction!edit.actionPrivilege escalation by forging an admin user via crafted multipart/form-data POST to edit actionCWE-863
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Jul 2026 01:17Current
8.4High risk
Vulners AI Score8.4
CVSS 3.18.8
EPSS0.0102
71