ZKTeco ZKTime Web CVE-2017-17056 Cross Site Request Forgery Vulnerability



ZKTeco ZKTime Web is prone to a cross-site request forgery vulnerability because it fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Information

Bugtraq ID: 102007
Class: Input Validation Error
CVE: CVE-2017-17056

Remote: Yes
Local: No
Published: Nov 30 2017 12:00AM
Updated: Nov 30 2017 12:00AM
Credit: Himanshu Mehta (@LionHeartRoxx)
Vulnerable: ZKTeco ZKTime Web 2.0.1.12280


Not Vulnerable:

Exploit


An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.


References:

Related Posts