CVE-2023-38879
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2023-38879. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Available Exploits
openSIS v9.0 - Path Traversal
A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths.
Related News
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: November 20, 2023, Modified: November 30, 2023