4 matches found
CVE-2017-17056
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...
CVE-2017-17056
The CVE-2017-17056 entry concerns ZKTime Web Software 2.0.1.12280. The vulnerability is a Cross-Site Request Forgery (CSRF) in the Modify Password component’s password_change() function, reachable via old_password/new_password1/new_password2 to /accounts/password_change/. An attacker can craft a ...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery Vulnerability
Exploit for jsp platform in category web applications 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 ...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 2. Product description ZKTime Web 2.0 is a cutting edge...