CVSS: 6.5EPSS: %CPEs: 1EXPL: 1CVE-2024-35429
https://notcve.org/view.php?id=CVE-2024-35429
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. ZKTeco ZKBio CVSecurity 6.1.1 es vulnerable a Directory Traversal a través de eventRecord. • https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35429.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-31: Path Traversal: 'dir\..\..\filename' •
CVSS: 7.1EPSS: %CPEs: 1EXPL: 1CVE-2024-35428
https://notcve.org/view.php?id=CVE-2024-35428
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. ZKTeco ZKBio CVSecurity 6.1.1 es vulnerable a Directory Traversal a través de BaseMediaFile. Un usuario autenticado puede eliminar archivos locales del servidor, lo que puede provocar DoS. • https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •