CVE-2023-7335
Unknown Unknown - Not Provided
Arbitrary File Read in EduSoho Classroom Export Enables Data Exposure

Publication date: 2026-01-22

Last updated on: 2026-01-22

Assigner: VulnCheck

Description
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials.Β Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-22
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2023-7335
EUVD
EUVD-2026-4096
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hangzhou_kuozhi_network_technology edusoho to 22.4.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an arbitrary file read flaw in EduSoho versions prior to 22.4.7. It exists in the classroom-course-statistics export functionality, where an unauthenticated remote attacker can manipulate the fileNames[] parameter with crafted path traversal sequences to read arbitrary files on the server. This includes sensitive files like config/parameters.yml, which may contain secrets and database credentials. [3, 6]

Impact Analysis

The vulnerability allows attackers to read sensitive files on the server without authentication. This can lead to exposure of secrets, database credentials, and other critical configuration data, potentially enabling further attacks, unauthorized access, or data breaches. [3, 6]

Detection Guidance

This vulnerability can be detected by sending crafted HTTP requests to the classroom-course-statistics export endpoint, specifically manipulating the fileNames[] parameter with path traversal sequences to attempt reading sensitive files like config/parameters.yml. Tools such as Nuclei and Zoomeye have been used to verify the presence of this arbitrary file read vulnerability. A proof-of-concept HTTP GET request example is to request ../../../config/parameters.yml via the fileNames[] parameter to check if the server returns the file contents. [3, 6]

Mitigation Strategies

The immediate mitigation step is to update the EduSoho installation to version 22.4.7 or later, where this vulnerability has been fixed. Applying the vendor's patch promptly will prevent exploitation. Additionally, restricting access to the vulnerable endpoint and monitoring for suspicious requests targeting the fileNames[] parameter can help reduce risk until the update is applied. [1, 3, 6]

Compliance Impact

This vulnerability allows unauthorized remote attackers to read arbitrary files on the server, including sensitive configuration files containing secrets and database credentials. Exposure of such sensitive data can lead to data breaches and unauthorized access, which may result in non-compliance with data protection regulations such as GDPR and HIPAA that require protection of personal and sensitive information. Therefore, exploitation of this vulnerability could negatively impact compliance with these standards by risking confidentiality and security of protected data. [3, 6]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-7335. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart