CVE-2020-27408

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
References
Link Resource
https://github.com/OS4ED/openSIS-Responsive-Design/releases Release Notes Third Party Advisory
https://insinuator.net/2020/10/opensis-vulnerabilities/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:os4ed:opensis:*:*:*:*:community:*:*:*

Information

Published : 2020-12-04 04:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-27408

Mitre link : CVE-2020-27408

Products Affected
No products.
CWE
CWE-287

CWE-640

Weak Password Recovery Mechanism for Forgotten Password