Medium severity4.3NVD Advisory· Published Mar 16, 2026· Updated Jun 8, 2026
CVE-2016-20028
CVE-2016-20028
Description
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthorized administrative access when authenticated users visit attacker-controlled pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <3.0
Patches
Vulnerability mechanics
References
6- cxsecurity.com/issue/WLB-2016080268nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/116477nvd
- packetstormsecurity.com/files/138569nvd
- www.exploit-db.com/exploits/40325/nvd
- www.vulncheck.com/advisories/zkteco-zkbiosecurity-cross-site-request-forgery-superadminnvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5364.phpnvd
News mentions
0No linked articles in our index yet.