CVE-2023-28330

Summary

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

Affected Software

VendorProductVersion RangeStatus
4.1.0 < 4.1.2affected
4.0.0 < 4.0.7affected
3.11.0 < 3.11.13affected
0 < 3.9.20affected

Weaknesses

  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References