Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-13383.
Includes Metasploit module exploits/unix/webapp/opensis_chain_exec.
AI-analyzed exploit summary This Metasploit module exploits an unauthenticated PHP code execution vulnerability in openSIS 7.4 and prior versions by chaining an incorrect access control issue, a Local File Inclusion, and a SQL injection vulnerability that leads to arbitrary PHP code execution via an unsafe use of the eval() function.
Description
openSIS through 7.4 allows Directory Traversal.
Exploits (1)
This Metasploit module exploits an unauthenticated PHP code execution vulnerability in openSIS 7.4 and prior versions by chaining an incorrect access control issue, a Local File Inclusion, and a SQL injection vulnerability that leads to arbitrary PHP code execution via an unsafe use of the eval() function.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N