ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.
References
Link | Resource |
---|---|
https://the-it-wonders.blogspot.com/2022/09/zkbio-time-csv-injection.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-29T19:02:07
Updated: 2022-09-29T19:02:07
Reserved: 2022-09-11T00:00:00
Link: CVE-2022-40472
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-29T20:15:14.460
Modified: 2022-10-03T18:43:57.500
Link: CVE-2022-40472
JSON object: View
Redhat Information
No data.
CWE