Sensitive Employee Metadata Disclosure in ZKTeco ZKTime Web 2.0.1.12280

Sensitive Employee Metadata Disclosure in ZKTeco ZKTime Web 2.0.1.12280

CVE-2017-14680 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.

Learn more about our Web App Pen Testing.