Lucene search

PRIOn knowledge basePRION:CVE-2023-38884

HistoryNov 20, 2023 - 7:15 p.m.

Design/Logic Flaw

2023-11-2019:15:00

PRIOn knowledge base

www.prio-n.com

design/logic flaw

community edition

opensis classic

insecure direct object reference

version 9.0

student files

remote attacker

unauthenticated access

nvd

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.0%

JSON

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student’s files by visiting ‘/assets/studentfiles/<studentId>-<filename>’

CPENameOperatorVersion
opensiseq9.0

CPE	Name	Operator	Version
	opensis	eq	9.0

References

github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884

github.com/OS4ED/openSIS-Classic

www.os4ed.com/