Attackers can host malicious scripts on a web server and then use a web browser to access the application via a direct request or by opening a malicious link.

CVE-2017-10267: An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.

CVE-2017-10268: An authenticated administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System v1.0, which can lead to information disclosure.

CVE-2017-10269: An administrator can delete files via the component vcs/deleteFile.php?id=./search.php of Simple E-Learning System v1.0, which can lead to information disclosure.

CVE-2017-10270: An administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System v1.0, which can lead to information disclosure.

CVE-2017-10271: An administrator can delete files via the component vcs/deleteFile.php?id=./search.php of Simple E-Learning System v1.0, which can lead to information disclosure.

CVE-2017-10272: An administrator can upload new files to the application via the component

Summary

Attackers can host malicious scripts on a web server and then use a web browser to access the application via a direct request or by opening a malicious link. The vulnerability in Simple E-Learning System allows attackers to read arbitrary files. An authenticated administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System, which can lead to information disclosure. An administrator can delete files via the component vcs/deleteFile.php?id=./search.php of Simple E-Learning System, which can lead to information disclosure. An administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System, which can lead to information disclosure.
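For defenders reviewing web server logs, the following added example (not part of the advisory or of the application's code) flags requests to the three components named above whose `download`, `folder` or `id` parameter carries a filesystem path rather than a plain name. The combined access-log format, the `/elearning` install prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Component -> parameter, as named in the advisory text.
WATCHED = {
    "vcs/downloadFiles.php": "download",
    "vcs/uploadFile.php": "folder",
    "vcs/deleteFile.php": "id",
}
# Client, method, request target and status from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so values encoded more than once are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def looks_like_path(value):
    """True when the value is a filesystem path rather than a bare file name or id."""
    v = fully_decode(value).replace("\\", "/")
    return "/" in v or v.startswith(".") or "\x00" in v

def scan(lines):
    """Return (client, method, component, param, decoded_value, status) per flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        url = urlsplit(target)
        for component, param in WATCHED.items():
            if not url.path.endswith("/" + component):
                continue
            for key, value in parse_qsl(url.query, keep_blank_values=True):
                if key == param and looks_like_path(value):
                    hits.append((client, method, component, param,
                                 fully_decode(value), int(status)))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical /elearning prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2022:15:20:01 +0000] "GET /elearning/vcs/downloadFiles.php?download=./search.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [07/Nov/2022:15:21:12 +0000] "GET /elearning/vcs/downloadFiles.php?download=lecture1.pdf HTTP/1.1" 200 88211',
    '198.51.100.7 - admin [07/Nov/2022:15:22:40 +0000] "GET /elearning/vcs/deleteFile.php?id=.%2Fsearch.php HTTP/1.1" 302 0',
    '192.0.2.11 - - [07/Nov/2022:15:23:05 +0000] "GET /elearning/index.php?id=./x HTTP/1.1" 200 100',
]
```

Calling `scan(SAMPLE_LOG)` returns the first and third requests; a 200 status on a flagged download request is the case to triage first, since it indicates a file was actually served.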

Timeline

Published on: 11/07/2022 15:15:00 UTC
Last modified on: 11/08/2022 16:14:00 UTC
