CVE-2023-38952

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt