2 matches found
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...
CVE-2023-38880
The CVE-2023-38880 entry describes a broken access control in OS4ED OpenSIS Classic Community Edition v9.0, where database backups created by an admin are stored in the web root with easily guessable names like opensisBackup.sql. This allows any unauthenticated actor to access a complete database...