CVE-2023-38885

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

OS4ED/openSIS-Classic
OS4ED/openSIS-Classic
openSIS is a commercial grade, secure, scalable & intuitive Student Information System, School Management Software from OS4ED. Has all functionalities to run single or multiple institutions in one installation. Web based, php code, MySQL database.
GitHubGitHub
317
dub-flow/vulnerability-research
dub-flow/vulnerability-research
This repository contains information on the CVEs I found.
GitHubGitHub
53