CVE-2021-40651

MEDIUM NUCLEI

OS4Ed OpenSIS Community 8.0 - Info Disclosure

Title source: llm

Description

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.

Exploits (1)

exploitdb WORKING POC

by Eric Salario · textwebappsphp

https://www.exploit-db.com/exploits/50259

View Code ZIP pw:eip

Nuclei Templates (1)

OS4Ed OpenSIS Community 8.0 - Local File Inclusion

MEDIUMby ctflearner

Shodan: title:"openSIS" || http.title:"opensis"

FOFA: title="opensis"

References (3)

[Exploit, Third Party Advisory] https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50259

[Exploit, Third Party Advisory] https://youtu.be/wFwlbXANRCo

Scores

CVSS v3 6.5

EPSS 0.7646

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

os4ed/opensis 8.0

Published Sep 29, 2021

Tracked Since Feb 18, 2026