Arbitrary Code Execution and Privilege Escalation via SQL Injection in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance

CVE-2023-48050 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance), versions 13.0 through 16.0.1, allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.
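The advisory names the class of defect (a request-supplied db parameter reaching SQL text) but not the fix. The following is an added illustration, not code from the odoo-biometric-attendance module or from Odoo: it contrasts the string-splicing anti-pattern with a hardened form that allow-lists the database name and binds it as a query parameter. The table, column and function names are hypothetical, SQLite stands in for Odoo's PostgreSQL cursor (psycopg2's cursor.execute(query, params) binds parameters the same way), and the sample rows are constructed.

```python
import re
import sqlite3

# Constructed sample data: an attendance-integration style table keyed by a
# database name. Hypothetical schema, not the module's real one.
SAMPLE_ROWS = [
    ("company_a", "DEV-0001"),
    ("company_b", "DEV-0002"),
]

# Database names are identifiers, not free text: a short allow-list pattern
# is the right check wherever the value also ends up somewhere a parameter
# cannot be bound (connection strings, CREATE DATABASE, file paths).
DB_NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,63}$")


def make_connection():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (db TEXT NOT NULL, serial TEXT NOT NULL)")
    conn.executemany("INSERT INTO devices VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_serials_unsafe(conn, db):
    """Anti-pattern: the request parameter is spliced into the SQL text, so
    any quote or SQL syntax inside `db` changes what the query means."""
    query = f"SELECT serial FROM devices WHERE db = '{db}'"
    return [row[0] for row in conn.execute(query)]


def validate_db_name(db):
    """Allow-list check for a database name taken from a request; rejects
    anything that is not a plain identifier."""
    if not isinstance(db, str) or not DB_NAME_RE.match(db):
        raise ValueError("invalid database name")
    return db


def lookup_serials_safe(conn, db):
    """Hardened form: validate the identifier first, then bind it as a
    parameter so the driver never interprets its contents as SQL."""
    db = validate_db_name(db)
    rows = conn.execute("SELECT serial FROM devices WHERE db = ?", (db,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    c = make_connection()
    print(lookup_serials_safe(c, "company_a"))
```

Both validation and parameter binding are kept on purpose: binding alone protects the query, while the identifier check also covers any later use of the name where binding is not available, and it gives a single place to log rejected input for detection.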