ZK Framework < 8.6.4.2 / 9.0.x < 9.0.1.3 / 9.5.x < 9.5.1.4 / 9.6.0.x < 9.6.0.2 / 9.6.x < 9.6.2 Authentication Bypass

ZK is a popular Java Web framework for building enterprise Web applications. By forging a POST request to the AuUpload ZK serverlets, an unauthenticated attacker can retrieve the content of a file located in the web context. No source data...