CVE-2023-3939

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

ZkTeco OEM SQL注入漏洞

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL commands, allowing an attacker to impersonate another user or perform unauthorized actions. The...

ZkTeco OEM SQL注入漏洞

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a SQL injection vulnerability that stems from incorrect neutralization of special elements used in SQL commands, allowing an attacker to authenticate under any user in the device database. The following...