CVE-2022-33116

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 3.5

EPSS Низкий

Описание

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

Ссылки

https://emaragkos.gr/gunet-open-eclass-authenticated-path-traversal/
Exploit
Third Party Advisory
https://github.com/gunet/openeclass
Product
Third Party Advisory
https://hg.gunet.gr/openeclass/diff/cbfc90094d51/modules/mindmap/index.php
Patch
Vendor Advisory
https://www.openeclass.org/en/
Product
Vendor Advisory
https://emaragkos.gr/gunet-open-eclass-authenticated-path-traversal/
Exploit
Third Party Advisory
https://github.com/gunet/openeclass
Product
Third Party Advisory
https://hg.gunet.gr/openeclass/diff/cbfc90094d51/modules/mindmap/index.php
Patch
Vendor Advisory
https://www.openeclass.org/en/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openeclass:openeclass:*:*:*:*:*:*:*:*

Версия до 3.12.4 (включая)

EPSS

Процентиль: 54%

0.00313

Низкий

6.5 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-m456-26w4-fmr9