Directory traversal

2022-06-2721:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

CPENameOperatorVersion
openeclassle3.12.4

CPE	Name	Operator	Version
	openeclass	le	3.12.4

References

emaragkos.gr/gunet-open-eclass-authenticated-path-traversal/

github.com/gunet/openeclass

hg.gunet.gr/openeclass/diff/cbfc90094d51/modules/mindmap/index.php

www.openeclass.org/en/