CVE-2024-22988

Published: Feb 23, 2024

Modified: Jun 10, 2025

PUBLISHED

Description

ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://zkteco.com

https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47

https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies

https://www.zkteco.com/en/Security_Bulletinsibs/12

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-22988

Description

Affected Products

References