File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " EduSoho 网络教学系统 v22.4.7 及之前版本存在未授权任意文件读取漏洞,攻击者通过 /export/classroom-course-statistics 接口的 fileNames[] 参数构造路径遍历 payload,可直接读取服务器敏感文件。成功利用可获取 config/parameters.yml 配置文件中的 secret 密钥及数据库账号密码,结合 Symfony 框架 _fragment 路由特性进一步实现远程代码执行,导致服务器完全沦陷。漏洞利用无需认证,仅需目标运行受影响版本 EduSoho 且接口可达即可触发,影响范围覆盖大量在线教育平台部署环境。"
3+ published = " 2023-12-15"
4+ remediation = " 升级 EduSoho 至 v22.4.7 或更高版本,该版本已修复 classroom-course-statistics 接口的路径遍历问题。如无法立即升级,在 WAF/Nginx 层添加规则拦截对 /export/classroom-course-statistics 的请求中 fileNames[] 参数包含 ../ 的路径穿越 payload,同时限制该接口仅允许已认证管理员访问。"
5+ score = 9.0
6+ severity = " CRITICAL"
7+ sources = [" nuclei" ]
8+ title = " 杭州阔知网络科技 EduSoho 任意文件读取漏洞"
9+ updated = " 2023-12-15"
10+
11+ [exploit ]
12+ exp_urls = []
13+ poc_urls = []
14+
15+ [id ]
16+ aliases = [" NUCLEI-HTTP-CNVD-2023-CNVD-2023-03903-YAML" ]
17+ ave_id = " AVE-2023-0114"
18+
19+ [meta ]
20+ collected_at = " 2026-07-14T00:00:00Z"
21+ status = " completed"
22+
23+ [references ]
24+ urls = [
25+ " https://blog.csdn.net/qq_41904294/article/details/135007351" ,
26+ " https://github.com/gobysec/GobyVuls/blob/master/CNVD-2023-03903.md" ,
27+ ]
You can’t perform that action at this time.
0 commit comments