Vulnerabilities > Zkteco > Zkbiosecurity V5000

DATE CVE VULNERABILITY TITLE RISK
2022-10-07 CVE-2022-36635 SQL Injection vulnerability in Zkteco Zkbiosecurity V5000 4.1.3
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.
network
low complexity
zkteco CWE-89
8.8
8.8
2022-10-07 CVE-2022-36634 Incorrect Authorization vulnerability in Zkteco Zkbiosecurity V5000 3.0.5.0R
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.
network
low complexity
zkteco CWE-863
8.8
8.8