CVE-2023-38880

Published: Nov 20, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/OS4ED/openSIS-Classic

https://www.os4ed.com/

https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-38880

Description

Affected Products

References