CVE-2020-27408

EUVD-2020-19919
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
os4edopensis
𝑥
≤ 7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/OS4ED/openSIS-Responsive-Design/releases
https://insinuator.net/2020/10/opensis-vulnerabilities/
https://github.com/OS4ED/openSIS-Responsive-Design/releases
https://insinuator.net/2020/10/opensis-vulnerabilities/