CVE-2022-33116 Information

Description

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

Reference

https://www.openeclass.org/en/ https://github.com/gunet/openeclass https://emaragkos.gr/gunet-open-eclass-authenticated-path-traversal/ https://hg.gunet.gr/openeclass/diff/cbfc90094d51/modules/mindmap/index.php