exploitDog

GHSA-x2j6-463f-4h4m

Опубликовано: 20 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

Ссылки

EPSS

Процентиль: 94%

0.11974

Средний

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-38879

CVSS3: 7.5

nvd

около 2 лет назад

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

EPSS

Процентиль: 94%

0.11974

Средний

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22