Skip to main content

Zktime Web

4 CVEs product

Monthly

CVE-2017-17057 MEDIUM POC This Month

There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zktime Web
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17056 HIGH POC This Week

The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zktime Web
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-13129 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zktime Web
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14680 HIGH POC THREAT Act Now

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Zktime Web
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.1%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zktime Web
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zktime Web
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zktime Web
NVD Exploit-DB
EPSS 10% CVSS 7.5
HIGH POC THREAT Act Now

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Zktime Web
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy