CVE-2020-6142

Name of the Vulnerable Software and Affected Versions OS4Ed openSIS version 7.3

Description A remote code execution issue exists in the Modules.php functionality, allowing for local file inclusion through a specially crafted HTTP request. This enables an attacker to send a request that triggers the issue.

Recommendations For OS4Ed openSIS version 7.3, consider restricting access to the Modules.php functionality until a fix is available. As a temporary workaround, avoid using the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.