CVE-2020-27408

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
References
Link Resource
https://github.com/OS4ED/openSIS-Responsive-Design/releases Release Notes Third Party Advisory
https://insinuator.net/2020/10/opensis-vulnerabilities/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:os4ed:opensis:*:*:*:*:community:*:*:*

Information

Published : 2020-12-04 08:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-27408

Mitre link : CVE-2020-27408


JSON object : View

CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password

CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

os4ed

  • opensis