Vulnerability Information
Vulnerability Title
EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
Vulnerability Description
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).
CVSS Information
N/A
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
EduSoho Path Traversal Vulnerability
Vulnerability Description
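EduSoho is an open-source online school system from EduSoho. EduSoho versions prior to 22.4.7 contain a path traversal vulnerability, caused by improper handling of the fileNames parameter in the classroom-course-statistics export functionality, which may lead to arbitrary file read.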
CVSS Information
N/A
Vulnerability Type
N/A