Directory Traversal Vulnerability in OS4ED's openSIS Classic
CVE-2023-38879
7.5HIGH
What is CVE-2023-38879?
The Community Edition version 9.0 of OS4ED's openSIS Classic contains a directory traversal vulnerability in the 'filename' parameter of DownloadWindow.php. This flaw enables remote attackers to exploit the system and potentially read arbitrary files, posing a significant risk to data integrity and confidentiality. Proper validation of user inputs is crucial to mitigate such vulnerabilities. Users of affected versions should take immediate action to secure their systems.
