PT-2024-39187 · Unknown · Yunke Online School System
Jackieya (+1) · Published 2024-09-11 · Updated 2024-09-12
CVE-2024-8707
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Yunke Online School System versions up to 3.0.6
Description:
A vulnerability was found in the Yunke Online School System, affecting the downfile function of the file application/admin/controller/Appadmin.php. The manipulation of the url argument leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendations:
For versions up to 3.0.6, as a temporary workaround, consider disabling the downfile function until a patch is available. Restrict access to the application/admin/controller/Appadmin.php file to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Yunke Online School System
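
While no fixed version is available, access logs can be reviewed for requests to downfile whose url argument contains a ".." path segment, including percent-encoded and double-encoded forms. The script below is an added example, not part of the advisory or the vendor's code; the request path /admin/appadmin/downfile, the combined log format and the sample lines are assumptions constructed for illustration, and only the names downfile and url come from the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; the route /admin/appadmin/downfile is an assumption.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Sep/2024:10:00:01 +0000] "GET /admin/appadmin/downfile?url=uploads/course1.zip HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Sep/2024:10:00:07 +0000] "GET /admin/appadmin/downfile?url=..%2F..%2Fconfig.php HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Sep/2024:10:00:09 +0000] "GET /admin/appadmin/downfile?url=%252e%252e%255cconfig.php HTTP/1.1" 200 812',
    '203.0.113.7 - - [12/Sep/2024:10:00:12 +0000] "GET /index/course/list?url=../x HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_downfile_requests(log_lines):
    """Return (line_number, decoded url value) for flagged downfile requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        # Only requests routed to the affected downfile function are of interest.
        if "downfile" not in target.path.lower():
            continue
        for value in parse_qs(target.query).get("url", []):
            decoded = fully_decode(value).replace("\\", "/")
            if ".." in decoded.split("/"):  # a parent-directory path segment
                hits.append((number, decoded))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_downfile_requests(SAMPLE_LOG):
        print(f"line {number}: url={value}")
```

Requests that carry url in a POST body do not appear in access logs, so this check covers query-string requests only.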