Medium severity4.3NVD Advisory· Published Mar 8, 2024· Updated Apr 29, 2026
CVE-2024-2318
CVE-2024-2318
Description
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component.
Affected products
1- cpe:2.3:a:zkteco:zkbio_media:2.0.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841anvdThird Party Advisory
- vuldb.comnvdPermissions RequiredVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
- vuldb.comnvd
- www.zkteco.com/en/Security_Bulletinsibs/11nvd
News mentions
0No linked articles in our index yet.