CVE-2024-22988

2024-02-2323:15:09

[email protected]

web.nvd.nist.gov

3087

issue

zkteco

zkbio

wdms

v.8.0.5

execute

arbitrary code

files

backup

cve-2024-22988

nvd

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.

References

gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47

www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies

zkteco.com