7 matches found
CVE-2023-7335
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...
CVE-2023-7335
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...
CVE-2023-7335
EduSoho’s CVE-2023-7335 affects versions prior to 22.4.7 and is a remote, unauthenticated arbitrary file-read via the classroom-course-statistics export. The vulnerability arises from path-traversal in the fileNames[] parameter, allowing reading server files such as config/parameters.yml containi...
CVE-2023-7335 EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...
EUVD-2017-3118
Malware in sbrugna...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...
Mito MetInfo Path Traversal Vulnerability
Mito MetInfo is a content management system (CMS) developed using PHP and MySQL. A directory traversal vulnerability exists in Mito MetInfo version 5.3.17. A remote attacker can exploit this vulnerability by sending the 'filenames' parameter to the file /admin/system/database/filedown.php to delete...