CVE-2026-8406 – openSIS Classic 9.3 – Insecure Direct Object Reference in Sent Mail

CVE ID :CVE-2026-8406

Published : June 11, 2026, 2:16 p.m. | 1 hour, 3 minutes ago

Description :openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-6338 – HTTP request smuggling in Kong Enteprise Gateway

CVE-2026-53723 – guzzlehttp/guzzle-services’ XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

CVE-2026-53661 – boruta-server sent sensitive session cookies without the Secure attribute

CVE-2026-38581 – Damasac thaipalliative_lte SQL Injection