← back
CVE-2023-38879

CVE-2023-38879

18Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 3.7%
exploitation probability
3.7%top 12% of all CVEs
observed exploitation
nono source reports it
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Affected products
n/a · n/a