PT-2022-6454 · Unknown · Zk Framework

Markus Wulftange · Published 2022-05-04 · Updated 2025-11-03 · CVE-2022-36537

CVSS v2.0 · 7.8 · High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ZK Framework versions 8.6.4.1, 9.0.1.2, 9.5.1.3, 9.6.0.1, 9.6.1

Description

The issue is related to the AuUploader component of the ZK Framework, which allows attackers to access sensitive information via a crafted POST request. This can enable a remote attacker to gain unauthorized access to protected information. Approximately 5,600 instances are potentially affected.

Recommendations

For ZK Framework versions 8.6.4.1, 9.0.1.2, 9.5.1.3, 9.6.0.1, 9.6.1, consider disabling the AuUploader component until a patch is available to prevent exploitation. Restrict access to the AuUploader component to minimize the risk of unauthorized access. Avoid using the AuUploader component in the affected ZK Framework versions until the issue is resolved.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-01444
CVE-2022-36537
GHSA-6278-2Q4M-CMF3

Affected Products

Zk Framework