An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote malicious user to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
os4ed opensis 9.0 |