CSRF Vulnerability in ZKTeco ZKTime Web 2.0.1.12280 Allows Remote Admin Hijacking

CSRF Vulnerability in ZKTeco ZKTime Web 2.0.1.12280 Allows Remote Admin Hijacking

CVE-2017-13129 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

Learn more about our Web App Pen Testing.