PT-2017-15065 · Biometric Shift · Biometric Shift Employee Management System

Ihsan Sencan · Published 2017-12-26 · Updated 2018-01-10 · CVE-2017-17876

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Biometric Shift Employee Management System version 3.0

Description: The download function, reached with a user=download request, takes a pathname in the path parameter and does not confine it to the intended download location. A remote, unauthenticated attacker (AV:N, PR:N, UI:N) can therefore bypass the intended file-read restrictions and retrieve files the application was not meant to serve. The impact is to confidentiality only (C:H/I:N/A:N); integrity and availability are not affected.

Recommendations: For Biometric Shift Employee Management System version 3.0, restrict access to the user=download request (for example, to authenticated users or to trusted addresses at the web server) until a vendor patch is available. As a temporary workaround, do not pass user-supplied pathnames through the path parameter; if the download function must stay reachable, resolve the requested name against the intended download directory and refuse any request that resolves outside it.
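The following is an added example, not code from Biometric Shift or from the advisory author, and the application's real implementation language is not given on this page. It shows, in Python, the download-handler pattern the description implies (a user=download request whose path parameter is joined onto the download directory without a containment check) next to a handler that resolves the requested name and refuses anything outside the download root. The directory layout, file names and contents are constructed for the demo.

```python
# Added example: an unrestricted file-download handler beside a contained one.
# Endpoint/parameter names follow the advisory (user=download, path=...);
# the directory layout below is constructed for the demonstration.
import os
import tempfile
from pathlib import Path


def unrestricted_download(download_root: str, requested: str) -> bytes:
    """Reads whatever 'path' points at, relative to the download directory.

    This is the pattern that lets '../' escape the root, and an absolute
    'requested' value makes os.path.join discard download_root entirely.
    """
    target = os.path.join(download_root, requested)
    with open(target, "rb") as fh:
        return fh.read()


class PathRejected(ValueError):
    """Raised when the request does not resolve to a regular file inside the root."""


def restricted_download(download_root: str, requested: str) -> bytes:
    """Serves a file only if its fully resolved location stays inside download_root."""
    root = Path(download_root).resolve()
    if os.path.isabs(requested) or "\x00" in requested:
        raise PathRejected(f"absolute path or NUL byte rejected: {requested!r}")
    # resolve() follows symlinks and collapses '..', so a symlink inside the
    # root that points outside it is caught by the same containment check.
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathRejected(f"escapes download root: {requested!r}") from None
    if not candidate.is_file():
        raise PathRejected(f"not a regular file inside the root: {requested!r}")
    with open(candidate, "rb") as fh:
        return fh.read()


def build_fixture() -> tuple:
    """Constructed layout: <tmp>/downloads/report.txt is meant to be served,
    <tmp>/config/db.ini is a file outside the download root."""
    base = Path(tempfile.mkdtemp())
    downloads = base / "downloads"
    downloads.mkdir()
    (downloads / "report.txt").write_bytes(b"quarterly report")
    config = base / "config"
    config.mkdir()
    (config / "db.ini").write_bytes(b"db_password=constructed-secret")
    return str(downloads), str(config / "db.ini")


def demo() -> dict:
    """Runs a legitimate, a traversal and an absolute-path request against both handlers."""
    downloads, secret = build_fixture()
    results = {}
    # Legitimate request: both handlers serve the intended file.
    results["legit_unrestricted"] = unrestricted_download(downloads, "report.txt")
    results["legit_restricted"] = restricted_download(downloads, "report.txt")
    # Traversal with '..': the unrestricted handler leaks the file outside the root.
    results["traversal_unrestricted"] = unrestricted_download(downloads, "../config/db.ini")
    try:
        restricted_download(downloads, "../config/db.ini")
        results["traversal_restricted"] = "served"
    except PathRejected:
        results["traversal_restricted"] = "rejected"
    # Absolute path: os.path.join drops the root; the contained handler refuses it up front.
    results["absolute_unrestricted"] = unrestricted_download(downloads, secret)
    try:
        restricted_download(downloads, secret)
        results["absolute_restricted"] = "served"
    except PathRejected:
        results["absolute_restricted"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The containment check works on the resolved path rather than on the request string, so encoded or repeated '..' sequences and symlinks are judged by where they actually land; a denylist on the string alone would not give that guarantee.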


Related Identifiers: CVE-2017-17876

Affected Products: Biometric Shift Employee Management System