PT-2020-18935 · Os4Ed · Os4Ed Opensis
Yuri Kramarz
·
Published
2020-09-01
·
Updated
2022-07-28
·
CVE-2020-6121
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OS4Ed openSIS version 7.3
Description
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page. The
ln parameter in this page is vulnerable to SQL injection, allowing an attacker to make an authenticated HTTP request to trigger the issue.Recommendations
For OS4Ed openSIS version 7.3, consider restricting access to the CheckDuplicateStudent.php page until a patch is available. As a temporary workaround, avoid using the
ln parameter in the affected page to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Os4Ed Opensis