2 matches found
ZKTeco BioTime <= 9.0.1 - Privilege Escalation
BioTime default employee credentials password 123456 allow login. Sessions are not role-validated, enabling privilege escalation to perform admin actions and enumerate backup files. id: CVE-2023-38952 info: name: ZKTeco BioTime = 9.0.1 - Privilege Escalation author: riteshs4hu severity: high...
ZKTeco BioTime Path Traversal Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A path traversal vulnerability exists in ZKTeco BioTime v8.5.5 that could allow an unauthenticated attacker to arbitrarily reset the administrator password via a crafted web request...