Vulnerabilities > CVE-2023-38879

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

NVD

Published: 2023-11-20

Updated: 2023-11-20

Summary

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

References

https://github.com/OS4ED/openSIS-Classic
https://www.os4ed.com/
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879

Vulnerabilities > CVE-2023-38879 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-38879"}]}

Summary

References

Vulnerabilities > CVE-2023-38879