5 matches found
ZKTeco ZKTime Web Cross Site Request Forgery (CVE-2017-13129)
A Cross Site Request Forgery vulnerability exists in ZKTime Web. The vulnerability is due to lack of protections mechanisms in place to block any kind of forged requests. unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...
ZKTime Web Software 2.0 Cross Site Request Forgery
Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category: WebApps Author: Arvind V. Author Social: @FindArvind...
CVE-2017-13129
Cross-site request forgery CSRF vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens...
CVE-2017-13129
CVE-2017-13129 affects ZKTime Web 2.0.1.12280 (ZKTeco) and is due to a CSRF vulnerability allowing remote authenticated users to hijack administrator actions to add admins, caused by lack of anti-CSRF tokens. Exploitation and in-the-wild details are present in connected sources; no official patch...
ZKTime Web Software 2.0 - Cross-Site Request Forgery
ZKTime Web Software 2.0 - Cross-Site Request Forgery Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category:...