Description

The web application uses ZK Framework. Due to a vulnerability in the AuUploader component, an unauthenticated attacker can read arbitrary files in the web application context.

Remediation

Upgrade to the latest version of ZK Framework

References

Vulnerability in zk upload

CVE-2022-36537 Vulnerability Technical Analysis with Exp

Related Vulnerabilities

WordPress plugin Slider Revolution arbitrary file disclosure

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114)

WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5868)

Severity

High

Classification

CVE-2022-36537 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Information Disclosure File Inclusion