2 matches found
ZK Framework - Information Disclosure
ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute...
Sensitive Information Disclosure
org.zkoss.zk:zk is vulnerable to Information Disclosure. The vulnerability is caused by forged requests with a nextURI parameter to the /zkau/upload endpoint, which then forwards the request internally. An attacker can then access sensitive files in the WEB-INF directory, which can include web.xm...