CVE-2023-7335
EduSoho’s CVE-2023-7335 affects versions prior to 22.4.7 and is a remote, unauthenticated arbitrary file-read via the classroom-course-statistics export. The vulnerability arises from path-traversal in the fileNames[] parameter, allowing reading server files such as config/parameters.yml containi...