CVE-2022-43319

Name of the Vulnerable Software and Affected Versions Simple E-Learning System version 1.0

Description An information disclosure issue exists in the component "vcs/downloadFiles.php?download=./search.php" of Simple E-Learning System, allowing attackers to read arbitrary files.

Recommendations For Simple E-Learning System version 1.0, consider restricting access to the "vcs/downloadFiles.php" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the download parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.