PT-2025-50207 · Os4Ed+1 · Opensis+1
Published
2025-12-09
·
Updated
2025-12-22
·
CVE-2025-65594
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSIS versions 9.2 and below
Description
An issue exists in OpenSIS that relates to incorrect access control within the
Student.php component. An authenticated user with limited privileges can perform unauthorized database write operations affecting other users' data. The issue allows for unauthorized modification of database information. The vulnerable component is Student.php.Recommendations
Update to a version of OpenSIS newer than 9.2.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opensis
Opensis-Responsive-Design