Remote Code Execution Vulnerability in OS4Ed openSIS 7.3 Modules.php Allows Local File Inclusion

Remote Code Execution Vulnerability in OS4Ed openSIS 7.3 Modules.php Allows Local File Inclusion

CVE-2020-6142 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.