Critical
CVSS 9.1
Overview
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.
CVE-2025-22927
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a direct...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.1 (CRITICAL)
- Detected tags: path (tag impact: MODERATE)
Recommended actions:
- Canonicalize path; block `..` traversal; use allowlists.