GHSA-vgf3-fpxc-h968High

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging...

Published
June 11, 2026
Last Modified
June 11, 2026

🔗 CVE IDs covered (1)

📋 Description

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

🔗 References (5)