CVE-2020-13383
01.07.2020, 15:15

openSIS through 7.4 allows Directory Traversal.

Path Traversal

Enginsight

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---

Base Score: CVSS 3.x
EPSS Score: Percentile: 97%

Vendor | Product | Version
os4ed | opensis | 𝑥 ≤ 7.4

𝑥 = Vulnerable software versions

Known Exploits

http://packetstormsecurity.com/files/158256/openSIS-7.4-Local-File-Inclusion.html
http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://packetstormsecurity.com/files/158256/openSIS-7.4-Local-File-Inclusion.html
http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html
https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8