Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ZK Framework AuUploader Information Disclosure (CVE-2022-36537) - Vulnerability Database

ZK Framework AuUploader Information Disclosure (CVE-2022-36537)

Description

The web application uses ZK Framework. Due to a vulnerability in the AuUploader component, an unauthenticated attacker can read arbitrary files in the web application context.

Remediation

Upgrade to the latest version of ZK Framework

References

Vulnerability in zk upload
CVE-2022-36537 Vulnerability Technical Analysis with Exp

Related Vulnerabilities

WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) High
Common tags: Information Disclosure File Inclusion
Apache Axis2 xsd local file inclusion High
Common tags: Information Disclosure File Inclusion
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1) High
Common tags: Information Disclosure File Inclusion
Zend Framework local file disclosure via XXE injection High
Common tags: Information Disclosure File Inclusion
webadmin.php script High
Common tags: Information Disclosure File Inclusion

Severity

High

Classification

CVE-2022-36537
CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Information Disclosure
File Inclusion