exploitDog

CVE-2025-22923

Опубликовано: 02 апр. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.

Ссылки

https://github.com/OS4ED/openSIS-Classic
Product
https://github.com/esusalla/vulnerability-research/tree/main/CVE-2025-22923
Third Party Advisory
https://github.com/esusalla/vulnerability-research/tree/main/CVE-2025-22923
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:*:*:*:*:*:*:*:*

Версия от 8.0 (включая) до 9.1 (включая)

EPSS

Процентиль: 79%

0.01299

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-5prh-r43c-x8ww

CVSS3: 8.8

github

10 месяцев назад

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.

EPSS

Процентиль: 79%

0.01299

Низкий

8.8 High

CVSS3

Дефекты

CWE-22