Описание
GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.
Ссылки
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.11 (исключая)
cpe:2.3:a:gunet:open_eclass_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00363
Низкий
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9.2 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings. NOTE: this is disputed because it only affects misconfigured installations.
EPSS
Процентиль: 58%
0.00363
Низкий
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200