Description
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
References
- Release Notes (Third Party Advisory)
- Exploit (Third Party Advisory)
- Release Notes (Third Party Advisory)
- Exploit (Third Party Advisory)
Vulnerable configurations
Configuration 1: versions up to and including 7.6
cpe:2.3:a:os4ed:opensis:*:*:*:*:community:*:*:*
EPSS: 0.01184 (percentile: 78%, Low)
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-287
Related vulnerabilities
GitHub
more than 3 years ago
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.