OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-04T15:27:22
Updated: 2024-08-04T16:18:43.459Z
Reserved: 2020-10-21T00:00:00
Link: CVE-2020-27408
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-04T16:15:10.983
Modified: 2024-11-21T05:21:11.217
Link: CVE-2020-27408
Redhat
No data.