Key information

Vulnerability title:
- EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics

Severity:
- HIGH

Date:
- January 22, 2026

Vulnerability type:
- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS v4 vector:
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description:
- EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-07-12 (UTC).

References:
- EduSoho v22.4.7 Release Notes
- EduSoho Webpage
- CNVD-2023-03903
- CN-SEC Disclosure
- CSDN Disclosure
- zeroChen00 GitHub PoC
- GobyVuls GitHub PoC

VulnCheck KEV status:
- This advisory is in the VulnCheck KEV database
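As an added detection example (not from the advisory, VulnCheck or EduSoho), the following Python scans web-server access log lines for traversal sequences in the fileNames[] parameter of requests to the classroom-course-statistics export route; the log lines and the exact route path are constructed placeholders, since the advisory names the feature but not the URL.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not from the advisory). The route
# "/classroom-course-statistics/export" is an assumed placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jan/2026:10:00:01 +0000] "GET /classroom-course-statistics/export?fileNames%5B%5D=stats-2026-01.csv HTTP/1.1" 200 512
203.0.113.9 - - [22/Jan/2026:10:00:02 +0000] "GET /classroom-course-statistics/export?fileNames%5B%5D=..%2F..%2Fconfig%2Fparameters.yml HTTP/1.1" 200 2048
203.0.113.9 - - [22/Jan/2026:10:00:03 +0000] "GET /classroom-course-statistics/export?fileNames%5B%5D=%2e%2e%5c%2e%2e%5cconfig%5cparameters.yml HTTP/1.1" 200 2048
198.51.100.2 - - [22/Jan/2026:10:00:04 +0000] "GET /course/list HTTP/1.1" 200 100
"""

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# A ".." path segment delimited by "/" or "\" (or at either end of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def has_traversal(value: str) -> bool:
    """True if a (possibly multiply percent-encoded) value contains a '..' segment."""
    decoded = value
    for _ in range(3):  # peel a few layers of percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return bool(TRAVERSAL_RE.search(decoded))


def find_suspicious_requests(log_text: str) -> list[dict]:
    """Return one record per fileNames[] value on the statistics route that contains traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if "classroom-course-statistics" not in parts.path:
            continue
        params = parse_qs(parts.query)  # decodes "fileNames%5B%5D" to "fileNames[]"
        for name in ("fileNames[]", "fileNames"):
            for value in params.get(name, []):
                if has_traversal(value):
                    hits.append({"ip": m.group("ip"), "file": value, "status": int(m.group("status"))})
    return hits
```

A 200 status on a flagged request is the signal worth escalating, since it indicates the file read likely succeeded on an unpatched (< 22.4.7) instance.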