CVE-2023-38884

high

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'.

References

https://www.os4ed.com/

https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884

https://github.com/OS4ED/openSIS-Classic

Details

Source: Mitre, NVD

Published: 2023-11-20

Updated: 2023-11-30

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High