Access control problems in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly
Summary
CVE-2022-36634 allows attackers to create and modify arbitrary database records. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request.
Note: This is the CVE ID associated with this blog post
Authentication flaws in ZKTeco ZKBioSecurity V5000 3.0.5_r
Authentication flaws in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request.
Access Control Issues in ZKTeco ZKBioSecurity V5000 3.0.5_r
Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco
Timeline
Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/11/2022 15:04:00 UTC