4 matches found
CVE-2025-22927
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php=save...
CVE-2025-22927
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename...
CVE-2025-22927
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename...
CVE-2025-22927
CVE-2025-22927 affects OS4ED openSIS v8.0–v9.1. A directory-traversal is possible via a crafted POST to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename, enabling access/alteration of files outside the intended directory. The CVSSv3.1 base score is 9.1 (CRITICAL) with Network attack...