{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-7335", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-21T21:28:45.232Z", "datePublished": "2026-01-22T16:55:25.228Z", "dateUpdated": "2026-01-22T18:31:38.631Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EduSoho", "repo": "https://github.com/edusoho/edusoho", "vendor": "Hangzhou Kuozhi Network Technology Co., Ltd.", "versions": [{"lessThan": "22.4.7", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials.&nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC)."}], "value": "EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC)."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-22T16:55:25.228Z"}, "references": [{"tags": ["product"], "url": "https://www.edusoho.com/"}, {"tags": ["release-notes", "patch"], "url": "https://github.com/edusoho/edusoho/releases/tag/v22.4.7"}, {"tags": ["technical-description", "exploit"], "url": "https://cn-sec.com/archives/2451582.html"}, {"tags": ["technical-description", "exploit"], "url": "https://blog.csdn.net/qq_41904294/article/details/135007351"}, {"tags": ["exploit"], "url": "https://github.com/zeroChen00/exp-poc/blob/main/EduSoho%E6%95%99%E5%9F%B9%E7%B3%BB%E7%BB%9Fclassropm-course-statistics%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md"}, {"tags": ["exploit"], "url": "https://github.com/gobysec/GobyVuls/blob/master/CNVD-2023-03903.md"}, {"tags": ["government-resource", "vdb-entry"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2023-03903"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/edusoho-arbitrary-file-read-via-classroom-course-statistics"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "title": "EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T18:30:59.634659Z", "id": "CVE-2023-7335", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T18:31:38.631Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7335", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T18:30:59.634659Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T18:31:30.559Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/edusoho/edusoho", "vendor": "Hangzhou Kuozhi Network Technology Co., Ltd.", "product": "EduSoho", "versions": [{"status": "affected", "version": "0", "lessThan": "22.4.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.edusoho.com/", "tags": ["product"]}, {"url": "https://github.com/edusoho/edusoho/releases/tag/v22.4.7", "tags": ["release-notes", "patch"]}, {"url": "https://cn-sec.com/archives/2451582.html", "tags": ["technical-description", "exploit"]}, {"url": "https://blog.csdn.net/qq_41904294/article/details/135007351", "tags": ["technical-description", "exploit"]}, {"url": "https://github.com/zeroChen00/exp-poc/blob/main/EduSoho%E6%95%99%E5%9F%B9%E7%B3%BB%E7%BB%9Fclassropm-course-statistics%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md", "tags": ["exploit"]}, {"url": "https://github.com/gobysec/GobyVuls/blob/master/CNVD-2023-03903.md", "tags": ["exploit"]}, {"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2023-03903", "tags": ["government-resource", "vdb-entry"]}, {"url": "https://www.vulncheck.com/advisories/edusoho-arbitrary-file-read-via-classroom-course-statistics", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).", "supportingMedia": [{"type": "text/html", "value": "EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials.&nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-22T16:55:25.228Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7335", "state": "PUBLISHED", "dateUpdated": "2026-01-22T18:31:38.631Z", "dateReserved": "2026-01-21T21:28:45.232Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-01-22T16:55:25.228Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC)."}, {"lang": "es", "value": "Las versiones de EduSoho anteriores a la 22.4.7 contienen una vulnerabilidad de lectura arbitraria de archivos en la funcionalidad de exportaci\u00f3n de estad\u00edsticas de cursos del aula. Un atacante remoto no autenticado puede proporcionar secuencias de salto de ruta manipuladas en el par\u00e1metro fileNames[] para leer archivos arbitrarios del sistema de archivos del servidor, incluyendo archivos de configuraci\u00f3n de la aplicaci\u00f3n como config/parameters.yml que pueden contener secretos y credenciales de la base de datos. Se observ\u00f3 evidencia de explotaci\u00f3n por la Shadowserver Foundation el 19-01-2026 (UTC)."}], "id": "CVE-2023-7335", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-01-22T17:15:53.117", "references": [{"source": "disclosure@vulncheck.com", "url": "https://blog.csdn.net/qq_41904294/article/details/135007351"}, {"source": "disclosure@vulncheck.com", "url": "https://cn-sec.com/archives/2451582.html"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/edusoho/edusoho/releases/tag/v22.4.7"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/gobysec/GobyVuls/blob/master/CNVD-2023-03903.md"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/zeroChen00/exp-poc/blob/main/EduSoho%E6%95%99%E5%9F%B9%E7%B3%BB%E7%BB%9Fclassropm-course-statistics%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md"}, {"source": "disclosure@vulncheck.com", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2023-03903"}, {"source": "disclosure@vulncheck.com", "url": "https://www.edusoho.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/edusoho-arbitrary-file-read-via-classroom-course-statistics"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"created": "2026-01-23T10:27:17.513976+00:00", "updated": "2026-01-23T10:27:17.514008+00:00", "vendors": ["hangzhou_kuozhi_network_technology", "hangzhou_kuozhi_network_technology$PRODUCT$edusoho"]}