CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2025-22926

CVSS 9.8v3.1pub. 2025-04-03upd. 2025-04-30

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

πŸ€– AI Analysis
How it works

An attacker sends a crafted HTTP POST request to the /Modules.php endpoint with parameters modname=messaging/Inbox.php, modfunc=save, and filename containing path traversal sequences (e.g., ../). The application does not properly validate the filename parameter value, which allows exiting the permitted directory and gaining access to arbitrary operating system files. The attack does not require authentication or user interaction, and can be performed remotely over the network.

Impact

An attacker can read, overwrite, or create arbitrary files accessible to the web application process, which may lead to disclosure of configuration data, credential theft, or execution of malicious code on the server.

Mitigation & patch

Apply patches available from the vendor according to the references. The vendor's repository is available at: https://github.com/OS4ED/openSIS-Classic. Until the fix is implemented, it is recommended to restrict access to the openSIS instance only to trusted IP addresses and monitor requests to the /Modules.php endpoint for anomalous filename parameter values.

Who is affected

Os4Ed openSIS in versions 8.0 to 9.1 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Os4ed Opensis

    APP
    Os4Ed
    8.0 – 9.1
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2021-41691CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w OpenSIS via parametry student_id i TRANSFER[SCHOOL]

CVE-2025-22929CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w Os4Ed openSIS β€” parametr filter_id

CVE-2025-22927CRITICAL9.1PL βœ“ten sam produkt

Path traversal w openSIS β€” nieautoryzowany dostΔ™p do plikΓ³w przez Modules.php

CVE-2025-22928CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w OS4ED openSIS β€” parametr cp_id w module wiadomoΕ›ci

CVE-2025-22930CRITICAL9.8PL βœ“ten sam produkt

SQL injection w OS4Ed openSIS via parametr groupid w Group.php

CVE-2025-22926 β€” Os4Ed β€” Opensis β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl