3 matches found
CVE-2023-38951
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...
CVE-2023-38951
creationtimestamp| type| source ---|---|--- 2025-05-05 17:48:55+00:00| seen| https://t.me/truesecator/7008 2025-05-05 18:01:11+00:00| seen| https://t.me/icscert/1143 2025-05-06 21:02:16+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lojrr7y3cr2q 2025-05-24 14:44:53+00:00|...
CVE-2023-38951
CVE-2023-38951 affects ZKTeco BioTime versions 8.5.5 through 9.x prior to 9.0.1. A path traversal flaw in the /base/sftpsetting/ endpoint allows an authenticated attacker to create or overwrite arbitrary server files by abusing the Username field and insufficient input sanitization on the SSH Key...