Lucene search

TalosCVELIST:CVE-2020-6127

HistorySep 01, 2020 - 2:14 p.m.

CVE-2020-6127

2020-09-0114:14:51

CWE-89

talos

www.cve.org

cve-2020-6127

sql injection

courseperiodmodal.php

os4ed opensis 7.3

authenticated http request

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.3%

JSON

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CNA Affected

[
  {
    "product": "OS4Ed",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "OS4Ed openSIS 7.3"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1075

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.3%

JSON

Related for CVELIST:CVE-2020-6127