Description
The web application uses ZK Framework. Due to a vulnerability in the AuUploader component, an unauthenticated attacker can read arbitrary files in the web application context.
Remediation
Upgrade to the latest version of ZK Framework
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)
WordPress Plugin Contact Form Email Information Disclosure (1.2.66)
WordPress 1.5.1.2 Multiple Vulnerabilities (1.0 - 1.5.1.2)
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)