CVE-2020-27408

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
References
Link Resource
https://github.com/OS4ED/openSIS-Responsive-Design/releases Release Notes Third Party Advisory
https://insinuator.net/2020/10/opensis-vulnerabilities/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:os4ed:opensis:*:*:*:*:community:*:*:*

History

No history.

Information

Published : 2020-12-04 16:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-27408

Mitre link : CVE-2020-27408

CVE.ORG link : CVE-2020-27408


JSON object : View

Products Affected

os4ed

  • opensis
CWE
CWE-287

Improper Authentication

CWE-640

Weak Password Recovery Mechanism for Forgotten Password