Local File Inclusion Vulnerability in OS4Ed OpenSIS Community 8.0 Modules.php (modname parameter)

Local File Inclusion Vulnerability in OS4Ed OpenSIS Community 8.0 Modules.php (modname parameter)

CVE-2021-40651 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.

Learn more about our Cis Benchmark Audit For Server Software.