CVE-2021-40651

Name of the Vulnerable Software and Affected Versions OS4Ed OpenSIS Community version 8.0

Description The issue is a local file inclusion vulnerability in Modules.php, specifically affecting the modname parameter. This vulnerability can disclose arbitrary files from the server's filesystem, provided the application has access to the file.

Recommendations For OS4Ed OpenSIS Community version 8.0, consider restricting access to the vulnerable Modules.php file, specifically the modname parameter, until a patch is available. As a temporary workaround, disabling the Modules.php file or limiting its access can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.