PT-2022-11281 · Os4Ed · Opensis
Published
2022-03-03
·
Updated
2022-03-09
·
CVE-2021-40635
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OS4ED openSIS version 8.0
Description
The issue allows an attacker to inject a SQL query to extract information from the database due to SQL injection in ChooseCpSearch.php and ChooseRequestSearch.php.
Recommendations
For OS4ED openSIS version 8.0, consider restricting access to the vulnerable files ChooseCpSearch.php and ChooseRequestSearch.php until a patch is available. As a temporary workaround, avoid using the SQL query functionality in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opensis