漏洞描述
ZKTeco BioTime v8.5.5 是一款用于考勤管理的系统,其 iclock API 存在路径遍历漏洞。攻击者可以通过发送特制的请求,未经身份验证即可读取任意文件。这可能导致敏感信息泄露,例如系统配置文件或用户数据。
ZKTeco BioTime v8.5.5 /iclock/file 目录遍历漏洞(CVE-2023-38950)
PoC代码
暂无相关漏洞推荐
- ZKTeco BioTime v8.5.5存在路径遍历漏洞(CVE-2023-38950)
- POC CVE-2012-5321: TikiWiki CMS Groupware v8.3 - Open Redirect
- POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
- POC CVE-2021-43798: Grafana v8.x - Arbitrary File Read
- POC CVE-2022-32444: u5cms v8.3.5 - Open Redirect
- POC CVE-2023-38950: ZKTeco BioTime v8.5.5 - Path Traversal
- POC CVE-2024-39250: EfroTech Timetrax v8.3 - Sql Injection
- POC CVE-2024-48360: Qualitor <= v8.24 - Server-Side Request Forgery
- POC CVE-2021-43798: Grafana v8.x Arbitrary File Read
- POC kingsoft-v8-default-password: Kingsoft V8 Default Password
- POC e-cology-v8-sqli: 泛微OA E-Cology getdata.jsp SQL注入漏洞
- POC grafana-file-read: Grafana v8.x Arbitrary File Read
- POC kingsoft-v8-file-read: Kingsoft V8 File Read