CVE-2016-20029

Sažetak

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.

Reference

https://cxsecurity.com/issue/WLB-2016090001
https://exchange.xforce.ibmcloud.com/vulnerabilities/116489
https://packetstormsecurity.com/files/138570
https://www.exploit-db.com/exploits/40326/
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php

CVSS

Base:	6.2
Impact:	3.6
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

16-03-2026 - 14:53

Objavljeno

16-03-2026 - 14:17