Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.
AnalysisAI
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes. Affected products include: Os4Ed Opensis. Version information: version 9.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP cod
openSIS through 7.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
openSIS through 7.4 has Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exp
openSIS through 7.4 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab
A remote code execution vulnerability in OS4Ed Open Source Information System Community (CVSS 9.8). Critical severity wi
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingL
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. Rat
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. Rated critica
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today