CVSS: 6.3 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2024-11049 – ZKTeco ZKBio Time Image File photo direct request
https://notcve.org/view.php?id=CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high.

References:
• https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1
• https://vuldb.com/?ctiid.283662
• https://vuldb.com/?id.283662
• https://vuldb.com/?submit.435034

CWE-425: Direct Request ('Forced Browsing')