Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
Vulnerability Description
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
EduSoho 路径遍历漏洞
Vulnerability Description
EduSoho是EduSoho开源的一个网校系统。 EduSoho 22.4.7之前版本存在路径遍历漏洞,该漏洞源于classroom-course-statistics导出功能中对fileNames参数处理不当,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A