CVE-2018-13038

Name of the Vulnerable Software and Affected Versions OpenSID version 18.06-pasca

Description The issue allows for an Unrestricted File Upload via an Attachment Document in the article feature. This leads to uploading arbitrary PHP code by using a .php filename with the application/pdf Content-Type.

Recommendations For OpenSID version 18.06-pasca, consider restricting the upload of files with executable extensions, such as .php, to prevent arbitrary code execution until a patch is available. As a temporary workaround, restrict access to the article feature's file upload functionality to minimize the risk of exploitation.