CVE-2023-38879
published 2023-11-20


Priority: P3, 57 · Severity: high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.66% (88.2th percentile)
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

Affected

1 range
Vendor | Product | Version range | Fixed in
os4ed | opensis | |

Detection & IOCs (extracted from sources)

path: /DownloadWindow.php
url: {{BaseURL}}/DownloadWindow.php?filename=../../../../../../../../etc/passwd
command: GET /DownloadWindow.php?filename=../../../../../../../../etc/passwd
  • Match HTTP 200 response body for the regex pattern 'root:.*:0:0:' indicating /etc/passwd content was returned, confirming successful path traversal via the 'filename' parameter in DownloadWindow.php.
  • Check response headers for presence of 'filename=' and 'text/html' together, which the nuclei template uses as a secondary confirmation of exploitation.
  • The vulnerability is unauthenticated — no session or login cookie is required to exploit DownloadWindow.php via the 'filename' parameter.
  • Use Shodan query 'title:"openSIS"' or FOFA query 'title="openSIS"' to identify exposed openSIS instances for proactive scanning.
  • The path traversal payload depth (8x '../') targets /etc/passwd specifically; actual exploitable depth may vary depending on server document root configuration.
  • Vulnerability is confirmed only for openSIS Classic Community Edition v9.0; other versions are not explicitly stated as affected.
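
The request pattern listed above can be hunted for in web server access logs. The following is an added example, not code from the advisory or the nuclei template: it assumes combined-format access logs, uses constructed sample lines, and goes slightly beyond the literal payload by percent-decoding the 'filename' value before checking for '..' segments, so encoded variants and different traversal depths are also caught.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line and status from a combined-format access log entry (assumed format).
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment delimited by "/" or "\" (or the string boundaries).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so multiply-encoded separators are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return a finding for a traversal attempt on DownloadWindow.php, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not parts.path.lower().endswith("/downloadwindow.php"):
        return None
    # parse_qs decodes once; decode_fully handles any further encoding layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
        value = decode_fully(raw)
        if TRAVERSAL_RE.search(value):
            # A 200 status means the request was answered; prioritise those hosts.
            return {"filename": value, "status": int(m["status"]),
                    "answered_200": m["status"] == "200"}
    return None

def scan(lines):
    """Collect findings from an iterable of log lines."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Nov/2023:10:01:02 +0000] "GET /DownloadWindow.php?filename=../../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [21/Nov/2023:10:01:05 +0000] "GET /opensis/DownloadWindow.php?filename=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 512',
    '198.51.100.4 - - [21/Nov/2023:10:02:11 +0000] "GET /DownloadWindow.php?filename=report_2023.pdf HTTP/1.1" 200 20480',
    '198.51.100.4 - - [21/Nov/2023:10:02:30 +0000] "GET /index.php?filename=../notes.txt HTTP/1.1" 200 311',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the issue is reachable without authentication, the absence of a session cookie on a flagged request is expected and should not lower its priority.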