ZKTeco ZKTime Web 2.0.1.12280 allows remote malicious users to obtain sensitive employee metadata via a direct request for a PDF document.
zkteco zktime web 2.0.1.12280