Vulnerability CVE-2022-36635


Published: 2022-10-07   Modified: 2022-10-08

Description:
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.

See advisories in our WLB2 database:
Topic: ZKSecurity BIO 4.1.2 SQL Injection / Code Execution
Author: Silton Santos
Date: 01.10.2022
Risk: High

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
http://zkbiosecurity.com
http://zkteco.com
https://medium.com/stolabs/cve-2022-36635-a-sql-injection-in-zksecuritybio-to-rce-c5bde2962d47

Copyright 2024, cxsecurity.com

 
