First published: Mon Nov 20 2023
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root, and the file name follows the format "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), so it can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database, including password hashes.
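The two failures described above (a served directory as the storage location, and a date-based file name) are each enough on their own to expose the dump. The following Python script is an added example, not openSIS code (openSIS itself is PHP): it contrasts the weak backup path with a hardened writer that keeps the file outside the web root, under an unpredictable name and owner-only permissions, and includes a small audit that walks a web root and reports any `.sql` dump left there. The directory names (`htdocs`, `private/backups`) and the sample dump are constructed for the demo.

```python
"""
Added example (not part of openSIS): hardened backup storage plus an audit
for backups exposed in a web root, as in CVE-2023-38880.
"""
import os
import re
import secrets
import stat
import tempfile
from datetime import date
from pathlib import Path

# Predictable name from the advisory: opensisBackupMM-DD-YYYY.sql
PREDICTABLE_BACKUP_RE = re.compile(r"^opensisBackup\d{2}-\d{2}-\d{4}\.sql$")


def weak_backup_path(web_root: Path, when: date) -> Path:
    """The vulnerable pattern: date-based name, stored in the served web root."""
    return web_root / f"opensisBackup{when.strftime('%m-%d-%Y')}.sql"


def write_backup(dest_dir: Path, sql_dump: bytes) -> Path:
    """Hardened pattern: dest_dir is expected to lie outside the web root, the
    name carries 128 bits of randomness, and the file is created 0600 with
    O_EXCL so an existing file is never silently overwritten."""
    dest_dir.mkdir(parents=True, exist_ok=True, mode=0o700)
    path = dest_dir / f"opensisBackup-{secrets.token_hex(16)}.sql"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(sql_dump)
    return path


def is_outside(path: Path, web_root: Path) -> bool:
    """True if path does not live under web_root (symlinks resolved first)."""
    try:
        path.resolve().relative_to(web_root.resolve())
    except ValueError:
        return True
    return False


def find_exposed_backups(web_root: Path) -> list[Path]:
    """Audit: every .sql file under the served tree is reachable by anyone who
    can guess its name, so report all of them, predictable name or not."""
    return sorted(p for p in web_root.rglob("*.sql") if p.is_file())


def demo() -> dict:
    """Constructed scenario in a temp dir: one predictable backup left in the
    web root, then one backup written the hardened way."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root = Path(tmp) / "htdocs"          # assumed served directory
        web_root.mkdir()
        dump = b"-- constructed sample dump\n" \
               b"INSERT INTO users VALUES (1,'admin','<constructed-hash>');\n"

        weak = weak_backup_path(web_root, date(2023, 7, 20))
        weak.write_bytes(dump)
        exposed_before = [p.name for p in find_exposed_backups(web_root)]

        safe = write_backup(Path(tmp) / "private" / "backups", dump)
        safe_mode = stat.S_IMODE(os.stat(safe).st_mode)

        weak.unlink()  # remediation: remove the exposed copy
        exposed_after = [p.name for p in find_exposed_backups(web_root)]

        return {
            "exposed_before": exposed_before,
            "exposed_after": exposed_after,
            "safe_outside_webroot": is_outside(safe, web_root),
            "safe_mode": safe_mode,
            "safe_name_predictable": bool(PREDICTABLE_BACKUP_RE.match(safe.name)),
            "safe_content_intact": safe.read_bytes() == dump,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run `find_exposed_backups()` against the real document root as a periodic check; any hit means a dump is downloadable by anyone who can guess the name, regardless of application-level authentication.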
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4ED openSIS Classic (Community Edition) | 9.0 | Apply the latest patch or upgrade to a version that addresses CVE-2023-38880 |
CVE-2023-38880 is a critical vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic that allows unauthorized access to database backups.
With CVE-2023-38880, a database backup generated by an admin is stored in the web root under a predictable file name, so any unauthenticated actor can download it, exposing sensitive data including password hashes.
CVE-2023-38880 has a severity score of 9.8 (critical).
To fix CVE-2023-38880, OS4ED's openSIS Classic version 9.0 users should apply the latest patch or upgrade to a version that has addressed the vulnerability.
You can find more information about CVE-2023-38880 on the OS4ED GitHub repository, OS4ED's official website, and the vulnerability researcher's GitHub repository.