Lucene search
K

5 matches found

NVD
NVD
added 2023/08/03 11:15 p.m.12 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

9.8CVSS9.5AI score0.03197EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.20 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

9.6AI score0.03197EPSS
Exploits2References5
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.25 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

9.6AI score0.03197EPSS
Exploits2References5
CVE
CVE
added 2023/08/03 12:0 a.m.122 views

CVE-2023-38951

CVE-2023-38951 affects ZKTeco BioTime versions 8.5.5 through 9.x prior to 9.0.1. A path traversal flaw in the /base/sftpsetting/ endpoint allows an authenticated attacker to create or overwrite arbitrary server files by abusing the Username field and insufficient input sanitization on the SSH Key...

9.8CVSS9.6AI score0.03197EPSS
Exploits2References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.4 views

PT-2023-4122 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5 Description: The issue is related to a path traversal vulnerability in the implementation of the SFTP protocol, which can be exploited by an attacker to write arbitrary files. This can be achieved by using a...

9.8CVSS9.2AI score0.03197EPSS
Exploits2References15
Rows per page
Query Builder