CVE-2020-27408

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-27408

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27408.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-27408

Published

2020-12-04T16:15:10.983Z

Modified

2025-11-14T10:59:16.759427Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.

References

Affected packages

Git / github.com/os4ed/opensis-responsive-design

Affected ranges

Type: GIT
Repo: https://github.com/os4ed/opensis-responsive-design
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

445edc6eb3c6f0a1232fd048846bcc51e6e58105

Affected versions

V7.*

V7.5

V7.6

Ver7.*

Ver7.0Prod

Ver7.0Prod_update

Ver7.0beta1

v7.*

v7.1

v7.2

v7.3

ver7.*

ver7.1

ver7.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27408.json"