An issue in zkteco zkbio WDMS v.8.0.5 allows an malicious user to execute arbitrary code via the /files/backup/ component.