CVE-2021-40651

MEDIUM NUCLEI

OS4Ed OpenSIS Community 8.0 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-40651. PoCs published by Eric Salario. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in OpenSIS 8.0 via the 'modname' parameter in 'Modules.php', allowing unauthorized access to arbitrary files on the server. The PoC requires authentication as a 'Parent' user and uses path traversal sequences to read sensitive files like '/etc/passwd'.

Description

OS4Ed OpenSIS Community 8.0 is vulnerable to local file inclusion in Modules.php (modname parameter), which can disclose arbitrary files from the server's filesystem as long as the application has access to them.

Exploits (1)

exploitdb WORKING POC
by Eric Salario · text · webapps · php
https://www.exploit-db.com/exploits/50259

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: OpenSIS 8.0
Auth required
Prerequisites: Valid 'Parent' user credentials · Access to the target application
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

OS4Ed OpenSIS Community 8.0 - Local File Inclusion
MEDIUM · by ctflearner
Shodan: title:"openSIS" || http.title:"opensis"
FOFA: title="opensis"

References (3)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://youtu.be/wFwlbXANRCo
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50259

Scores

CVSS v3 6.5
EPSS 0.1842
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (1)
os4ed/opensis 8.0
Published Sep 29, 2021
Tracked Since Feb 18, 2026