exploitDog

CVE-2023-38884

Опубликовано: 20 нояб. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'

Ссылки

https://github.com/OS4ED/openSIS-Classic
Release Notes
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884
Vendor Advisory
https://www.os4ed.com/
Product
https://github.com/OS4ED/openSIS-Classic
Release Notes
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884
Vendor Advisory
https://www.os4ed.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*

EPSS

Процентиль: 57%

0.00356

Низкий

7.5 High

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-qhqf-328w-9ggv

CVSS3: 7.5

github

около 2 лет назад

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'

EPSS

Процентиль: 57%

0.00356

Низкий

7.5 High

CVSS3

Дефекты

CWE-639