0.001 Low
EPSS
Percentile
41.0%
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any studentβs files by visiting β/assets/studentfiles/<studentId>-<filename>β
github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884
github.com/OS4ED/openSIS-Classic
www.os4ed.com/