CVE-2023-38950 — ZKTeco BioTime Path Traversal Vulnerability

Description

ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.

How to fix CVE-2023-38950

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2023-38950 being exploited?

Yes — CVE-2023-38950 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.