CVE-2022-33116

2022-06-2720:42:01

mitre

www.cve.org

jmpath variable

gunet open eclass platform

file read

directory traversal

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

References

emaragkos.gr/gunet-open-eclass-authenticated-path-traversal/

github.com/gunet/openeclass

hg.gunet.gr/openeclass/diff/cbfc90094d51/modules/mindmap/index.php

www.openeclass.org/en/