.. / CVE-2021-40651

Exploit for OS4Ed OpenSIS Community 8.0 - Local File Inclusion (CVE-2021-40651)

Description:

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server’s filesystem as long as the application has access to the file.

Nuclei Template

View the template here CVE-2021-40651.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-40651.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://www.exploit-db.com/exploits/50259
https://www.youtube.com/watch?v=wFwlbXANRCo
https://nvd.nist.gov/vuln/detail/CVE-2021-40651
https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md

.. / CVE-2021-40651 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for OS4Ed OpenSIS Community 8.0 - Local File Inclusion (CVE-2021-40651)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-40651