PT-2020-18958 · Os4Ed · Opensis
Published: 2020-09-01 · Updated: 2022-05-31 · CVE-2020-6144
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OS4Ed openSIS version 7.4
Description
A remote code execution issue exists in the install functionality. The username variable, set at line 121 in install/Step5.php, allows for injection of PHP code into the Data.php file. An attacker can send an HTTP request to trigger this issue.
Recommendations
For OS4Ed openSIS version 7.4, consider restricting access to the install functionality until a fix is available. As a temporary workaround, avoid using the username variable in the affected install/Step5.php file to minimize the risk of exploitation.
Exploit
Fix
Code Injection
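One way to keep installer input out of executable context when generating a file such as Data.php, shown as an added example that is not openSIS code or its fix. The function names, setting names, allowlist pattern and temp-file path are assumptions for illustration.

```php
<?php
// Added example (hypothetical helper names, not openSIS code): write installer
// settings to a PHP config file so submitted values can only ever be data.

function validate_db_username(string $username): string
{
    // Allowlist: letters, digits, underscore, dot, hyphen; 1 to 32 characters.
    if (!preg_match('/\A[A-Za-z0-9_.\-]{1,32}\z/', $username)) {
        throw new InvalidArgumentException('invalid database username');
    }
    return $username;
}

function render_config(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $name => $value) {
        // Setting names are fixed by the installer, never taken from the request.
        if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $name)) {
            throw new InvalidArgumentException('invalid setting name');
        }
        // var_export() emits an escaped string literal: quotes and backslashes
        // in the value cannot close the literal and start new PHP code.
        $out .= '$' . $name . ' = ' . var_export((string) $value, true) . ";\n";
    }
    return $out;
}

// Constructed sample input standing in for the installer form fields.
$settings = [
    'DatabaseServer'   => 'localhost',
    'DatabaseUsername' => validate_db_username('opensis_app'),
    'DatabasePassword' => "pa'ss\\word; still just data",
];

$path = tempnam(sys_get_temp_dir(), 'cfg');   // stand-in for Data.php
file_put_contents($path, render_config($settings), LOCK_EX);

// Round trip: the file loads and every value comes back byte for byte.
include $path;
var_dump($DatabaseUsername === $settings['DatabaseUsername']);
var_dump($DatabasePassword === $settings['DatabasePassword']);

// A username containing a quote character is rejected before any write.
try {
    validate_db_username("o'brien");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
unlink($path);
```

Validation and escaping are independent layers here: the allowlist narrows what a username may contain, while `var_export()` keeps any value that is written inside a string literal.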
Related Identifiers
Affected Products
Opensis