Proliz S Obs
Monthly
Sensitive information disclosure in Proliz Software's OBS (a student information management system) affects all versions before v3.6.0, allowing remote unauthenticated attackers to reach functionality that is not properly restricted by access-control lists (CWE-201) and retrieve confidential data. The CVSS 7.5 vector (AV:N/AC:L/PR:N/UI:N, C:H only) confirms network-reachable, no-privilege access with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sensitive information disclosure in Proliz Software's OBS (a student information management system) affects all versions before v3.6.0, allowing remote unauthenticated attackers to reach functionality that is not properly restricted by access-control lists (CWE-201) and retrieve confidential data. The CVSS 7.5 vector (AV:N/AC:L/PR:N/UI:N, C:H only) confirms network-reachable, no-privilege access with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.