Lucene search

[email protected]NVD:CVE-2020-6133

HistorySep 01, 2020 - 3:15 p.m.

CVE-2020-6133

2020-09-0115:15:12

CWE-89

[email protected]

web.nvd.nist.gov

cve-2020-6133

sql injection

os4ed opensis

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Affected configurations

Nvd

Node

os4edopensisMatch7.3

VendorProductVersionCPE
os4edopensis7.3cpe:2.3:a:os4ed:opensis:7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
os4ed	opensis	7.3	cpe:2.3:a:os4ed:opensis:7.3:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1077

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Related for NVD:CVE-2020-6133

cve1 osv1 prion1 cvelist1 talos1