CVE-2023-38884 Information

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student’s files by visiting ‘/assets/studentfiles/-’

Reference

https://github.com/OS4ED/openSIS-Classic https://www.os4ed.com/ https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884