Browse all 4 CVE security advisories affecting OpenGnsys. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenGnsys is an open-source computer lab management system primarily used for deploying and maintaining educational IT environments. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting vulnerabilities, and privilege escalation issues, as evidenced by its four recorded CVEs. The platform's web interface has been particularly susceptible to input validation weaknesses, allowing unauthorized access or system compromise. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its web components suggests potential risks in unpatched deployments, particularly in academic settings where access controls may be less stringent.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3707 | Exposure of Information Through Directory Listing vulnerability in OpenGnsys — OpenGnsysCWE-548 | 5.3 | Medium | 2024-04-12 |
| CVE-2024-3706 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenGnsys — OpenGnsysCWE-200 | 5.9 | Medium | 2024-04-12 |
| CVE-2024-3705 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys — OpenGnsysCWE-434 | 8.8 | High | 2024-04-12 |
| CVE-2024-3704 | SQL Injection vulnerability in OpenGnsys — OpenGnsysCWE-89 | 9.8 | Critical | 2024-04-12 |
This page lists every published CVE security advisory associated with OpenGnsys. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.