exploitDog

CVE-2023-38879

Опубликовано: 20 нояб. 2023

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

Ссылки

https://github.com/OS4ED/openSIS-Classic
Product
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879
Third Party Advisory
https://www.os4ed.com/
Product
https://github.com/OS4ED/openSIS-Classic
Product
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879
Third Party Advisory
https://www.os4ed.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*

EPSS

Процентиль: 94%

0.11974

Средний

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-x2j6-463f-4h4m

CVSS3: 7.5

github

около 2 лет назад

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

EPSS

Процентиль: 94%

0.11974

Средний

7.5 High

CVSS3

Дефекты

CWE-22