CVE-2023-38952

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.

Date published : 2023-08-03

http://zkteco.com

https://claroty.com/team82/disclosure-dashboard/cve-2023-38952