Vulnerabilities > CVE-2022-40472 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Zktec Zkbio Time 8.0.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |