Skip to content

Commit 4c9fea2

Browse files
committed
add: AVE-2023-0114
1 parent 40fa869 commit 4c9fea2

1 file changed

Lines changed: 27 additions & 0 deletions

File tree

vulns/2023/AVE-2023-0114.toml

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
[basic]
2+
description = "EduSoho 网络教学系统 v22.4.7 及之前版本存在未授权任意文件读取漏洞,攻击者通过 /export/classroom-course-statistics 接口的 fileNames[] 参数构造路径遍历 payload,可直接读取服务器敏感文件。成功利用可获取 config/parameters.yml 配置文件中的 secret 密钥及数据库账号密码,结合 Symfony 框架 _fragment 路由特性进一步实现远程代码执行,导致服务器完全沦陷。漏洞利用无需认证,仅需目标运行受影响版本 EduSoho 且接口可达即可触发,影响范围覆盖大量在线教育平台部署环境。"
3+
published = "2023-12-15"
4+
remediation = "升级 EduSoho 至 v22.4.7 或更高版本,该版本已修复 classroom-course-statistics 接口的路径遍历问题。如无法立即升级,在 WAF/Nginx 层添加规则拦截对 /export/classroom-course-statistics 的请求中 fileNames[] 参数包含 ../ 的路径穿越 payload,同时限制该接口仅允许已认证管理员访问。"
5+
score = 9.0
6+
severity = "CRITICAL"
7+
sources = ["nuclei"]
8+
title = "杭州阔知网络科技 EduSoho 任意文件读取漏洞"
9+
updated = "2023-12-15"
10+
11+
[exploit]
12+
exp_urls = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["NUCLEI-HTTP-CNVD-2023-CNVD-2023-03903-YAML"]
17+
ave_id = "AVE-2023-0114"
18+
19+
[meta]
20+
collected_at = "2026-07-14T00:00:00Z"
21+
status = "completed"
22+
23+
[references]
24+
urls = [
25+
"https://blog.csdn.net/qq_41904294/article/details/135007351",
26+
"https://github.com/gobysec/GobyVuls/blob/master/CNVD-2023-03903.md",
27+
]

0 commit comments

Comments
 (0)