CVE-2023-38879
18Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 3.7%
exploitation probability
3.7%top 12% of all CVEs
observed exploitation
nono source reports it
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Affected products
n/a · n/a