CVE-2020-27408

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
os4edopensis
𝑥
≤ 7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/OS4ED/openSIS-Responsive-Design/releases
https://insinuator.net/2020/10/opensis-vulnerabilities/
https://github.com/OS4ED/openSIS-Responsive-Design/releases
https://insinuator.net/2020/10/opensis-vulnerabilities/