8Mar
CVE-2024-2318 | ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 Service Port 9999 /pro/common/download fileName path traversal
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input../../../../zkbio_media.sql leads to path traversal: '../filedir'.
This vulnerability is traded as CVE-2024-2318. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
