Arbitrary File Read Vulnerability in Backup Feature: Limited Access to Teachers, Managers, and Admins

Arbitrary File Read Vulnerability in Backup Feature: Limited Access to Teachers, Managers, and Admins

CVE-2023-28330 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

Learn more about our Web Application Penetration Testing UK.