CVE-2024-8707

Summary

A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
云课网络科技有限公司Yunke Online School System3.0.0affected
云课网络科技有限公司Yunke Online School System3.0.1affected
云课网络科技有限公司Yunke Online School System3.0.2affected
云课网络科技有限公司Yunke Online School System3.0.3affected
云课网络科技有限公司Yunke Online School System3.0.4affected
云课网络科技有限公司Yunke Online School System3.0.5affected
云课网络科技有限公司Yunke Online School System3.0.6affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References