exploitDog

GHSA-mw97-j6p7-xp5g

Опубликовано: 03 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.

Ссылки

EPSS

Процентиль: 65%

0.00484

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2025-22931

CVSS3: 7.5

nvd

10 месяцев назад

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.

EPSS

Процентиль: 65%

0.00484

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-639