CVE-2026-8406 – openSIS Classic 9.3 – Insecure Direct Object Reference in Sent Mail

CVE ID :CVE-2026-8406

Published : June 11, 2026, 2:16 p.m. | 1 hour, 3 minutes ago

Description :openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9648 – CVE-2026-9648

CVE-2026-7870 – IBM i is Affected by Privilege Escalation []

CVE-2026-7787 – Unauthenticated Session History Access via Public Flow Execution

CVE-2026-53777 – Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket