CVE-2020-6125

Name of the Vulnerable Software and Affected Versions OS4Ed openSIS version 7.3

Description An exploitable SQL injection issue exists in the GetSchool.php functionality. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this issue.

Recommendations For OS4Ed openSIS version 7.3, consider restricting access to the GetSchool.php functionality until a patch is available. As a temporary workaround, ensure that all HTTP requests to this functionality are thoroughly validated to minimize the risk of exploitation.