Lucene search
K

715 matches found

Cvelist
Cvelist
added 2020/09/01 2:1 p.m.37 views

CVE-2020-6123

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.4CVSS9AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 2:1 p.m.60 views

CVE-2020-6123

OS4Ed openSIS 7.3 is affected by CVE-2020-6123 due to SQL injection in the email parameter of EmailCheck.php and EmailCheckOthers.php. The TALOS advisory provides concrete details: vulnerable code directly interpolates $_REQUEST['email'] into SQL queries without proper sanitization, enabling an a...

8.8CVSS8.9AI score0.01403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:57 p.m.32 views

CVE-2020-6122

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.4CVSS9AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 1:57 p.m.47 views

CVE-2020-6122

The TALOS report confirms a SQL injection in OS4Ed openSIS 7.3, specifically CheckDuplicateStudent.php where user-controlled parameters (fn, mn, ln, byear, bmonth, bday) are interpolated into SQL queries without proper sanitization. The vulnerability affects multiple parameters (notably mn) and c...

8.8CVSS8.9AI score0.01403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:57 p.m.19 views

CVE-2020-6121

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.4CVSS9.2AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 1:57 p.m.41 views

CVE-2020-6121

OS4Ed openSIS 7.3 is affected by multiple SQL injection vulnerabilities in CheckDuplicateStudent.php. The vulnerabilities concern parameters fn, mn, ln, byear, bmonth, and bday, which can be injected to alter SQL queries used to locate existing students. Talos documents exploit paths involving co...

8.8CVSS9.1AI score0.01403EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/09/01 1:56 p.m.51 views

CVE-2020-6120

OS4Ed openSIS 7.3 is vulnerable to SQL injection in CheckDuplicateStudent.php. TALOS documents multiple injectable parameters (fn, mn, ln, byear, bmonth, bday) used in a query that joins students and enrollment data, enabling authenticated HTTP requests to trigger the vulnerability. Affected code...

8.8CVSS8.9AI score0.01403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:56 p.m.29 views

CVE-2020-6120

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.4CVSS9AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 1:51 p.m.46 views

CVE-2020-6119

OS4Ed openSIS 7.3 is affected by SQL injection in CheckDuplicateStudent.php (byear, and related params such as bday, bmonth, fn, mn, ln). The TALOS report TALOS-2020-1072 documents multiple SQL injections via building SQL with unsanitized inputs in CheckDuplicateStudent at lines 64–66, enabling a...

8.8CVSS9.1AI score0.01403EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/09/01 1:51 p.m.53 views

CVE-2020-6118

OS4Ed openSIS 7.3 is affected by multiple SQL injection vulnerabilities in CheckDuplicateStudent.php, specifically via the parameters fn, mn, ln, byear, bmonth, and bday. Talos documents that the vulnerable code constructs dynamic SQL queries using user-supplied values without proper parameteriza...

8.8CVSS9.1AI score0.01403EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/09/01 1:51 p.m.47 views

CVE-2020-6117

Summary: CVE-2020-6117 affects OS4Ed openSIS 7.3. The vulnerability is a SQL injection in the PHP page CheckDuplicateStudent.php, exploitable via the bday/byear/bmonth/fn/ln/mn parameters used to build a birthdate-based query. The TALOS report details the vulnerable code paths (lines where the qu...

8.8CVSS9.1AI score0.01403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:51 p.m.32 views

CVE-2020-6117

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.4CVSS9.2AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 1:7 p.m.44 views

CVE-2020-6131

CVE-2020-6131 relates to multiple SQL injection vulnerabilities in OS4Ed openSIS 7.3 where the course_period_id parameter across several pages (MassScheduleSessionSet.php, MassDropSessionSet.php, CpSessionSet.php) is directly interpolated into SQL queries. The root cause is lacking input sanitiza...

8.8CVSS9.1AI score0.01403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:7 p.m.39 views

CVE-2020-6131

SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities...

6.4CVSS9.3AI score0.01403EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/09/01 1:7 p.m.33 views

CVE-2020-6130

SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities...

6.4CVSS9.3AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 1:7 p.m.52 views

CVE-2020-6130

OS4Ed openSIS 7.3 is affected by multiple SQL injection vulnerabilities in the course_period_id parameter across several pages (MassDropSessionSet.php, MassScheduleSessionSet.php, CpSessionSet.php) and related code paths. The underlying cause is improper handling of COURSE_PERIOD_ID, enabling an ...

8.8CVSS9.1AI score0.01403EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:6 p.m.36 views

CVE-2020-6129

SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities...

6.4CVSS9.2AI score0.01403EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 1:6 p.m.45 views

CVE-2020-6129

CVE-2020-6129 affects OS4Ed openSIS 7.3. Multiple SQL injection vulnerabilities exist in the course_period_id parameter across CpSessionSet.php and related MassSchedule/MassDrops/MassScheduleSessionSet.php endpoints. An authenticated HTTP request can trigger the vulnerability, with the attacker e...

8.8CVSS9AI score0.01403EPSS
Exploits1References1Affected Software1
Talos Blog
Talos Blog
added 2020/08/31 7:8 a.m.27 views

Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS

Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-sour...

1.5AI score
Exploits0
Talos
Talos
added 2020/08/31 12:0 a.m.79 views

OS4Ed openSIS DownloadWindow.php SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...

8.8CVSS7.8AI score0.01803EPSS
Exploits1
Rows per page
Query Builder