PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-7335 Hangzhou Kuozhi Network Technology Co., Ltd. CVE debrief

CVE-2023-7335 is an arbitrary file read vulnerability in EduSoho versions prior to 22.4.7. A remote, unauthenticated attacker can exploit this vulnerability to read arbitrary files from the server filesystem, including application configuration files that may contain secrets and database credentials. This vulnerability exists in the classroom-course-statistics export functionality. Affected product deployments should be identified, and owners assigned for follow-up.

Vendor
Hangzhou Kuozhi Network Technology Co., Ltd.
Product
EduSoho
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-22
Original CVE updated
2026-07-15
Advisory published
2026-01-22
Advisory updated
2026-07-15

Who should care

Administrators and users of EduSoho versions prior to 22.4.7 should be aware of this vulnerability and take immediate action to patch their systems. This vulnerability can be exploited by a remote, unauthenticated attacker to read arbitrary files from the server filesystem. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.

Technical summary

The vulnerability exists in the classroom-course-statistics export functionality of EduSoho. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem. This can include application configuration files such as config/parameters.yml that may contain secrets and database credentials. Defenders should review compensating controls for exposed systems while remediation is scheduled and verified.

Defensive priority

High

Recommended defensive actions

  • Apply the patch: Upgrade to EduSoho version 22.4.7 or later.
  • Inventory and monitor: Check for and monitor any suspicious activity related to the classroom-course-statistics export functionality.
  • Exception tracking: Keep track of any exceptions or errors related to file access.
  • Compensating controls: Consider implementing compensating controls such as web application firewalls or intrusion detection systems to detect and prevent exploitation attempts.
  • Retest: Retest the system after applying the patch to ensure the vulnerability is resolved.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Evidence notes

Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC). The CVE record was published on 2026-01-22T17:15:53.117Z and last modified on 2026-07-15T02:17:08.690Z. Evidence is limited, and defenders should verify affected scope and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-22T17:15:53.117Z and has not been modified since then.