Published: 21/09/2017 Updated: 03/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ZKTeco ZKTime Web allows remote malicious users to obtain sensitive employee metadata via a direct request for a PDF document.

Affected Products

Vendor | Product | Versions
Zkteco | Zktime Web | 2.0.1.12280


Exploit Title: ZKTime Web Software 2.0 - Broken Authentication
CVE-ID: CVE-2017-14680
Vendor Homepage: www.zkteco.com/product/ZKTime_Web_2.0_435.html
Vendor of Product: ZKTeco
Affected Product Code: ZKTime Web - 2.0.1.12280
Category: WebApps
Author: Arvind V
Author Social: @Find_Arvind
------------------------------------------
Product d ...

Mailing Lists

ZKTime Web Software version 2.0 suffers from an insecure direct object reference vulnerability ...