2 matches found
Exploit for CVE-2022-36537
CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...
Sensitive Information Disclosure
org.zkoss.zk:zk is vulnerable to Information Disclosure. The vulnerability is caused by forged requests with a nextURI parameter to the /zkau/upload endpoint, which then forwards the request internally. An attacker can then access sensitive files in the WEB-INF directory, which can include web.xm...