QSearchQSearch

CVE-2026-8406

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module

Published: 2026-06-11 · Last updated: 2026-06-11

Severity and scoring

CWE
CWE-639

Description

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-47238 ClipBucket v5 is an open source video sharing platform (6.5 MEDIUM)
  • CVE-2026-47189 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
  • CVE-2026-7787 IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authenticatio... (7.5 HIGH)
  • CVE-2026-6976 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (3.7 LOW)
  • CVE-2026-6552 GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2... (8.7 HIGH)