Headline
CVE-2022-33116: Open eClass
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
Key Features
**
COURSES
**
Develop and manage unlimited online courses
Exercises – Quizzes
Create self-assessment quizzes and online tests
LEARNING PATH
Create a sequence of steps with independent learning objects
STATISTICS
View statistics, track learners’ participation and progress, create surveys and reports
**EDUCATIONAL MATERIAL
**
Organize, store and distribute educational resources
ASSIGNMENTS
Create, manage and grade online assignments
USER GROUPS
Manage users and form groups to support collaborative learning
ELEARNING STANDARD COMPLIANCE
Use learning objects authored in all standard course authoring tools
MULTIMEDIA
Add, organize, store and embed multimedia files
eBooks
Upload, manage and present eBooks in HTML format
COMMUNICATION
Choose from a variety of communication tools (teleconference, chat, forum, messages)
Backup Files
Safeguard the content of the course in case of accidental deletion or corruption