CVE-2023-7335P1HIGHCVSS 8.7Exploitedfixed in 22.4.72026-01-22
CVE-2023-7335 [HIGH] CWE-22 CVE-2023-7335: EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-cours
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/para
nvd