CVE-2023-38879
Published 2023-11-20
Priority: P3 · 57 · Severity: high · CVSS 3.1: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.66% (88.2th percentile)
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| os4ed | opensis | — | — |
Detection & IOCs
url: {{BaseURL}}/DownloadWindow.php?filename=../../../../../../../../etc/passwd
command: GET /DownloadWindow.php?filename=../../../../../../../../etc/passwd
- Match the HTTP 200 response body against the regex pattern 'root:.*:0:0:', which indicates that /etc/passwd content was returned and confirms successful path traversal via the 'filename' parameter in DownloadWindow.php.
- Check the response headers for 'filename=' and 'text/html' together, which the nuclei template uses as a secondary confirmation of exploitation.
- The vulnerability is unauthenticated: no session or login cookie is required to exploit DownloadWindow.php via the 'filename' parameter.
- Use Shodan query 'title:"openSIS"' or FOFA query 'title="openSIS"' to identify exposed openSIS instances for proactive scanning.
- The path traversal payload depth (8x '../') targets /etc/passwd specifically; actual exploitable depth may vary depending on server document root configuration.
- Vulnerability is confirmed only for openSIS Classic Community Edition v9.0; other versions are not explicitly stated as affected.
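A defender-side check for the request pattern listed above, as an added example (not taken from the nuclei template or from openSIS): it scans web server access logs for requests to DownloadWindow.php whose decoded 'filename' value contains a '..' segment or an absolute path. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Nov/2023:10:01:02 +0000] "GET /DownloadWindow.php?filename=../../../../../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.0"
203.0.113.7 - - [21/Nov/2023:10:01:05 +0000] "GET /DownloadWindow.php?filename=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.4 - - [21/Nov/2023:10:02:11 +0000] "GET /DownloadWindow.php?filename=report_card.pdf HTTP/1.1" 200 52113 "-" "Mozilla/5.0"
198.51.100.4 - - [21/Nov/2023:10:02:15 +0000] "GET /index.php?filename=../x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Undo percent-encoding until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True if the decoded value has a '..' segment or is an absolute path."""
    path = fully_decode(filename).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal_attempts(log_text):
    """Return (client_ip, status, decoded_filename) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/downloadwindow.php"):
            continue  # only the endpoint named in the advisory
        for value in parse_qs(url.query).get("filename", []):
            if is_traversal(value):
                hits.append((ip, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for ip, status, name in find_traversal_attempts(SAMPLE_LOG):
        note = "file may have been returned" if status == 200 else "request not served"
        print(f"{ip} status={status} filename={name!r} ({note})")
```

A hit with status 200 is the case to triage first, since the response-body and header checks above apply to it.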
No detection rules found.
Nuclei
openSIS v9.0 - Path Traversal
nuclei·CVSS 7.5
CVE-2023-38879 [HIGH] openSIS v9.0 - Path Traversal
A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths.
Template:
```yaml
id: CVE-2023-38879

info:
  name: openSIS v9.0 - Path Traversal
  author: haliteroglu
  severity: high
  description: |
    A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths.
  impact: |
    Unauthenticated attackers can read arbitrary files from the server by manipulating the filename parameter in DownloadWindow.php, potent
```
No writeups or analysis indexed.