OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
Max CVSS
6.5
EPSS Score
2.56%
Published
2021-09-29
Updated
2021-10-07
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
Max CVSS
9.8
EPSS Score
0.14%
Published
2021-09-16
Updated
2021-09-27
2 vulnerabilities found