Exploitation Summary
CVE-2023-38879 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Nuclei Templates (1)
openSIS v9.0 - Path Traversal
HIGHVERIFIEDby haliteroglu
Shodan:
title:"openSIS"
FOFA:
title="openSIS"
References (3)
Core 3
Core References
Third Party Advisory
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879
Product
https://www.os4ed.com/
Scores
CVSS v3
7.5
EPSS
0.0366
EPSS Percentile
88.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
os4ed/opensis
9.0
Published
Nov 20, 2023
Tracked Since
Feb 18, 2026