Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zkteco BioTime 路径遍历漏洞
Vulnerability Description
Zkteco BioTime是中国Zkteco公司的一款功能强大的基于 web 的时间和出勤管理软件。 ZKTeco BioTime v8.5.5版本存在路径遍历漏洞,该漏洞源于允许未经身份验证的攻击者通过精心设计的 Web 请求任意重置管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A