CVE-2023-7335

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-7335
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7335.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-7335
Published
2026-01-22T17:15:53.117Z
Modified
2026-03-15T22:05:28.742604Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).

References

Affected packages

Git / github.com/edusoho/edusoho

Affected ranges

Type
GIT
Repo
https://github.com/edusoho/edusoho
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
39ad4c4c6bbb32f5837848789ee00c1db33ef585

Affected versions

1.*
1.1.2
22.*
22.4.3
ct-v22.*
ct-v22.2.2
mh-1.*
mh-1.4.8
mh-1.4.9
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.37
v1.0.4
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.5
v1.2.6
v1.3.0
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.5
v1.7.2
v1.7.3
v1.7.4
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.5.1
v2.6.0
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v20.*
v20.4.1
v20.4.2
v20.4.3
v20.4.4
v20.4.5
v20.4.6
v20.4.7
v20.4.8
v21.*
v21.1.1
v21.1.2
v21.1.3
v21.1.4
v21.1.5
v21.1.6
v21.1.7
v21.2.1
v21.2.10
v21.2.11
v21.2.12
v21.2.13
v21.2.2
v21.2.3
v21.2.4
v21.2.5
v21.2.6
v21.2.7
v21.2.8
v21.2.9
v21.3.1
v21.3.2
v21.3.3
v21.3.4
v21.3.5
v21.3.6
v21.3.7
v21.3.8
v21.4.1
v21.4.10
v21.4.2
v21.4.4
v21.4.5
v21.4.6
v21.4.7
v21.4.8
v21.4.9
v22.*
v22.1.1
v22.1.2
v22.1.3
v22.1.4
v22.1.5
v22.1.6
v22.2.1
v22.2.2
v22.2.3
v22.2.4
v22.2.5
v22.3.2
v22.3.4
v22.3.5
v22.3.7
v22.4.1
v22.4.2
v22.4.3
v22.4.4
v22.4.5
v22.4.6
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.2.0
v3.2.1
v3.2.2
v3.2.4
v3.2.5
v3.2.6
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.6.0
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.2.0
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.10
v4.7.11
v4.7.2
v4.7.3
v4.7.6
v4.7.7
v4.7.8
v4.7.9
v4.8.0
v4.8.1
v4.8.2
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v5.*
v5.0.0
v5.0.1
v5.1.0
v5.1.1
v5.1.2
v5.1.4
v5.1.5
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.4.0
v5.4.2
v5.4.3
v5.5.0
v5.5.1
v5.5.10
v5.5.11
v5.5.2
v5.5.3
v5.5.4
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.5.9
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.10.0
v6.10.1
v6.11.0
v6.11.1
v6.12.0
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.13.0
v6.13.1
v6.14.0
v6.14.1
v6.14.2
v6.14.3
v6.15.0
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.16.0
v6.16.1
v6.16.2
v6.16.3
v6.17.0
v6.17.1
v6.17.10
v6.17.11
v6.17.12
v6.17.13
v6.17.14
v6.17.15
v6.17.16
v6.17.17
v6.17.18
v6.17.19
v6.17.2
v6.17.20
v6.17.21
v6.17.22
v6.17.23
v6.17.24
v6.17.25
v6.17.26
v6.17.3
v6.17.4
v6.17.5
v6.17.6
v6.17.7
v6.17.8
v6.17.9
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.3-install-data
v6.3.0
v6.3.1
v6.3.2
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.6.0
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7.0
v6.7.1
v6.7.3
v6.7.4
v6.8.0
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.2.0
v7.2.1
v7.2.10
v7.2.11
v7.2.12
v7.2.13
v7.2.14
v7.2.15
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.3.6
v7.3.7
v7.3.8
v7.3.9
v7.4.0
v7.4.1
v7.4.2
v7.5.0
v7.5.1
v7.5.10
v7.5.11
v7.5.12
v7.5.13
v7.5.14
v7.5.15
v7.5.2
v7.5.3
v7.5.4
v7.5.5
v7.5.6
v7.5.7
v7.5.8
v7.5.9
v8.*
v8.0.0
v8.0.1
v8.0.10
v8.0.11
v8.0.12
v8.0.13
v8.0.14
v8.0.15
v8.0.16
v8.0.17
v8.0.18
v8.0.19
v8.0.2
v8.0.20
v8.0.21
v8.0.22
v8.0.23
v8.0.24
v8.0.25
v8.0.26
v8.0.27
v8.0.28
v8.0.29
v8.0.3
v8.0.30
v8.0.31
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.9
v8.1.0
v8.1.1
v8.1.10
v8.1.11
v8.1.2
v8.1.3
v8.1.4
v8.1.5
v8.1.6
v8.1.8
v8.1.9
v8.2.0
v8.2.1
v8.2.10
v8.2.11
v8.2.12
v8.2.13
v8.2.14
v8.2.15
v8.2.16
v8.2.17
v8.2.18
v8.2.19
v8.2.2
v8.2.20
v8.2.21
v8.2.22
v8.2.23
v8.2.24
v8.2.26
v8.2.27
v8.2.28
v8.2.29
v8.2.3
v8.2.30
v8.2.31
v8.2.32
v8.2.33
v8.2.34
v8.2.35
v8.2.36
v8.2.37
v8.2.38
v8.2.39
v8.2.4
v8.2.5
v8.2.6
v8.2.7
v8.2.8
v8.2.9
v8.3.0
v8.3.1
v8.3.10
v8.3.11
v8.3.12
v8.3.13
v8.3.14
v8.3.15
v8.3.16
v8.3.17
v8.3.18
v8.3.19
v8.3.2
v8.3.20
v8.3.21
v8.3.22
v8.3.23
v8.3.24
v8.3.25
v8.3.26
v8.3.27
v8.3.28
v8.3.29
v8.3.3
v8.3.30
v8.3.31
v8.3.32
v8.3.33
v8.3.34
v8.3.35
v8.3.36
v8.3.37
v8.3.38
v8.3.39
v8.3.4
v8.3.40
v8.3.42
v8.3.43
v8.3.44
v8.3.45
v8.3.46
v8.3.47
v8.3.48
v8.3.5
v8.3.50
v8.3.51
v8.3.6
v8.3.7
v8.3.8
v8.3.9
v8.4.0
v8.5.0
v8.5.1
v8.6.0
v8.6.1
v8.6.10
v8.6.11
v8.6.12
v8.6.13
v8.6.14
v8.6.15
v8.6.16
v8.6.17
v8.6.18
v8.6.19
v8.6.2
v8.6.20
v8.6.3
v8.6.4
v8.6.5
v8.6.6
v8.6.7
v8.6.8
v8.6.9
v8.7.0
v8.7.1
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.2
v8.7.3
v8.7.4
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.8.0
v8.8.1
v8.8.2
v8.8.3
v8.8.4
v8.8.5
v8.8.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7335.json"