CVE-2021-40651

Опубликовано: 29 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.

Ссылки

https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50259
Exploit
Third Party Advisory
VDB Entry
https://youtu.be/wFwlbXANRCo
Exploit
Third Party Advisory
https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50259
Exploit
Third Party Advisory
VDB Entry
https://youtu.be/wFwlbXANRCo
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*

EPSS

Процентиль: 99%

0.69873

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7g4r-gjr5-j9m7

github

больше 3 лет назад