CVE-2023-38884

Published: 2023-11-20T19:15Z

Last Modified: 2024-11-21T08:14Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' > MITRE Terms of Use apply – see LICENSE‑MITRE.txt