CVE-2016-20028

Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0

Description The software contains a cross-site request forgery issue that allows attackers to perform administrative actions by deceiving authenticated users into visiting malicious websites. Specifically, attackers can construct HTTP requests to add superadmin accounts without proper validation, leading to unauthorized administrative access. The vulnerability enables attackers to add superadmin accounts without validity checks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.