PatchSiren cyber security CVE debrief
CVE-2023-7335 Hangzhou Kuozhi Network Technology Co., Ltd. CVE debrief
CVE-2023-7335 is an arbitrary file read vulnerability in EduSoho versions prior to 22.4.7. A remote, unauthenticated attacker can exploit this vulnerability to read arbitrary files from the server filesystem, including application configuration files that may contain secrets and database credentials. This vulnerability exists in the classroom-course-statistics export functionality. Affected product deployments should be identified, and owners assigned for follow-up.
- Vendor
- Hangzhou Kuozhi Network Technology Co., Ltd.
- Product
- EduSoho
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-22
- Original CVE updated
- 2026-07-15
- Advisory published
- 2026-01-22
- Advisory updated
- 2026-07-15
Who should care
Administrators and users of EduSoho versions prior to 22.4.7 should be aware of this vulnerability and take immediate action to patch their systems. This vulnerability can be exploited by a remote, unauthenticated attacker to read arbitrary files from the server filesystem. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.
Technical summary
The vulnerability exists in the classroom-course-statistics export functionality of EduSoho. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem. This can include application configuration files such as config/parameters.yml that may contain secrets and database credentials. Defenders should review compensating controls for exposed systems while remediation is scheduled and verified.
Defensive priority
High
Recommended defensive actions
- Apply the patch: Upgrade to EduSoho version 22.4.7 or later.
- Inventory and monitor: Check for and monitor any suspicious activity related to the classroom-course-statistics export functionality.
- Exception tracking: Keep track of any exceptions or errors related to file access.
- Compensating controls: Consider implementing compensating controls such as web application firewalls or intrusion detection systems to detect and prevent exploitation attempts.
- Retest: Retest the system after applying the patch to ensure the vulnerability is resolved.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Evidence notes
Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC). The CVE record was published on 2026-01-22T17:15:53.117Z and last modified on 2026-07-15T02:17:08.690Z. Evidence is limited, and defenders should verify affected scope and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-22T17:15:53.117Z and has not been modified since then.