Vulnerability Details: CVE-2020-13382
Public exploit exists!
openSIS through 7.4 has Incorrect Access Control.
Products affected by CVE-2020-13382
- cpe:2.3:a:os4ed:opensis:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13382
32.87%: Probability of exploitation activity in the next 30 days
~97%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-13382
- openSIS Unauthenticated PHP Code Execution
  Disclosure Date: 2020-06-30
  First seen: 2020-07-04
  exploit/unix/webapp/opensis_chain_exec
  This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue
CVSS scores for CVE-2020-13382
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | NIST | |
CWE ids for CVE-2020-13382
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13382
- http://packetstormsecurity.com/files/158255/openSIS-7.4-Incorrect-Access-Control.html
  openSIS 7.4 Incorrect Access Control ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry
- https://github.com/OS4ED/openSIS-Responsive-Design/commits/master
  Commits · OS4ED/openSIS-Responsive-Design · GitHub
  Third Party Advisory
- http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html
  openSIS 7.4 Unauthenticated PHP Code Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry