OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
References
Link | Resource |
---|---|
https://github.com/OS4ED/openSIS-Responsive-Design/releases | Release Notes Third Party Advisory |
https://insinuator.net/2020/10/opensis-vulnerabilities/ | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-12-04 08:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-27408
Mitre link : CVE-2020-27408
JSON object : View
Products Affected
os4ed
- opensis