ZKBiosecurity – Authenticated SQL Injection resulting in RCE (CVE-2022-36635)

Read Time:16 Second

Posted by Caio B on Sep 30

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco (
https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2)

Version Affected: 4.1.2

CVE: CVE-2022-36635

Vulnerability: SQL Injection (with a plus: RCE)

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos….

Read More