CRITICAL🇵🇱 Wersja polska

CVE-2025-22927

CVSS 9.1v3.1pub. 2025-04-03upd. 2025-07-17

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Os4ed Opensis

    APP
    Os4Ed
    8.0 – 9.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2021-41691CRITICAL9.8PL ✓ten sam produkt

SQL Injection w OpenSIS via parametry student_id i TRANSFER[SCHOOL]

CVE-2025-22929CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Os4Ed openSIS — parametr filter_id

CVE-2025-22926CRITICAL9.8PL ✓ten sam produkt

Path traversal w openSIS umożliwia nieautoryzowany dostęp do plików

CVE-2025-22928CRITICAL9.8PL ✓ten sam produkt

SQL Injection w OS4ED openSIS — parametr cp_id w module wiadomości

CVE-2025-22930CRITICAL9.8PL ✓ten sam produkt

SQL injection w OS4Ed openSIS via parametr groupid w Group.php