OpenSIS Classic Community Edition 9.0 Insecure Direct Object Reference (IDOR) Vulnerability Allows Unauthorized Access to Student Files

CVE-2023-38884 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'.
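For defenders reviewing exposure, the following added example (not part of the advisory or of openSIS) scans web server access logs for direct requests to the path pattern above and flags clients that requested files belonging to several different students. It assumes Combined Log Format; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format (assumed): ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Path layout taken from the advisory: /assets/studentfiles/<studentId>-<filename>
FILE_RE = re.compile(r'/assets/studentfiles/(?P<sid>[^-/?]+)-(?P<name>[^/?#]+)')

def student_file_hits(lines):
    """Yield (ip, student_id, filename, status) for each direct student-file request."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        f = FILE_RE.search(m.group("path"))
        if f:
            yield m.group("ip"), f.group("sid"), f.group("name"), int(m.group("status"))

def flag_enumeration(lines, max_students=2):
    """Return clients that requested files of more than max_students distinct students.

    Result: {ip: {"students": sorted ids, "served": count of HTTP 200 responses}}
    """
    students = defaultdict(set)
    served = defaultdict(int)
    for ip, sid, _name, status in student_file_hits(lines):
        students[ip].add(sid)      # count misses too: guessing produces 404s
        if status == 200:
            served[ip] += 1        # a file was actually handed out
    return {
        ip: {"students": sorted(ids), "served": served[ip]}
        for ip, ids in students.items()
        if len(ids) > max_students
    }

# Constructed sample log lines (documentation IP ranges, invented filenames).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /assets/studentfiles/1-report.pdf HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /assets/studentfiles/2-report.pdf HTTP/1.1" 404 196',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /assets/studentfiles/3-id_card.png HTTP/1.1" 200 20480',
    '203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /assets/studentfiles/4-notes.docx HTTP/1.1" 200 1000',
    '198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /assets/studentfiles/17-transcript.pdf HTTP/1.1" 200 8192',
    '198.51.100.20 - - [01/Jan/2024:10:05:03 +0000] "GET /index.php HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for ip, info in flag_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

Because the files are served without authentication, every `served` count in the output represents a student file delivered to a client that never had to log in.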
