CVE-2023-38880

Name of the Vulnerable Software and Affected Versions openSIS Classic version 9.0

Description The issue concerns a broken access control vulnerability in the database backup functionality. When an admin generates a database backup, it is stored in the web root with a filename that can be easily guessed, such as "opensisBackup.sql". This file can be accessed by any unauthenticated actor and contains a dump of the whole database, including password hashes.

Recommendations For openSIS Classic version 9.0, consider restricting access to the database backup files until a proper fix is available. As a temporary workaround, avoid using the default filename format for database backups and store them outside the web root to prevent unauthorized access.