The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sq|" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.

Related CVEs

CVE-2023-38880

Key Information

GHSA ID

GHSA-qf6w-3hhv-8hpf

Published

November 20, 2023 9:31 PM

Last Modified

November 30, 2023 3:30 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.