715 matches found
CVE-2020-6123
An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6123
OS4Ed openSIS 7.3 is affected by CVE-2020-6123 due to SQL injection in the email parameter of EmailCheck.php and EmailCheckOthers.php. The TALOS advisory provides concrete details: vulnerable code directly interpolates $_REQUEST['email'] into SQL queries without proper sanitization, enabling an a...
CVE-2020-6122
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6122
The TALOS report confirms a SQL injection in OS4Ed openSIS 7.3, specifically CheckDuplicateStudent.php where user-controlled parameters (fn, mn, ln, byear, bmonth, bday) are interpolated into SQL queries without proper sanitization. The vulnerability affects multiple parameters (notably mn) and c...
CVE-2020-6121
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6121
OS4Ed openSIS 7.3 is affected by multiple SQL injection vulnerabilities in CheckDuplicateStudent.php. The vulnerabilities concern parameters fn, mn, ln, byear, bmonth, and bday, which can be injected to alter SQL queries used to locate existing students. Talos documents exploit paths involving co...
CVE-2020-6120
OS4Ed openSIS 7.3 is vulnerable to SQL injection in CheckDuplicateStudent.php. TALOS documents multiple injectable parameters (fn, mn, ln, byear, bmonth, bday) used in a query that joins students and enrollment data, enabling authenticated HTTP requests to trigger the vulnerability. Affected code...
CVE-2020-6120
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6119
OS4Ed openSIS 7.3 is affected by SQL injection in CheckDuplicateStudent.php (byear, and related params such as bday, bmonth, fn, mn, ln). The TALOS report TALOS-2020-1072 documents multiple SQL injections via building SQL with unsanitized inputs in CheckDuplicateStudent at lines 64–66, enabling a...
CVE-2020-6118
OS4Ed openSIS 7.3 is affected by multiple SQL injection vulnerabilities in CheckDuplicateStudent.php, specifically via the parameters fn, mn, ln, byear, bmonth, and bday. Talos documents that the vulnerable code constructs dynamic SQL queries using user-supplied values without proper parameteriza...
CVE-2020-6117
Summary: CVE-2020-6117 affects OS4Ed openSIS 7.3. The vulnerability is a SQL injection in the PHP page CheckDuplicateStudent.php, exploitable via the bday/byear/bmonth/fn/ln/mn parameters used to build a birthdate-based query. The TALOS report details the vulnerable code paths (lines where the qu...
CVE-2020-6117
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6131
CVE-2020-6131 relates to multiple SQL injection vulnerabilities in OS4Ed openSIS 7.3 where the course_period_id parameter across several pages (MassScheduleSessionSet.php, MassDropSessionSet.php, CpSessionSet.php) is directly interpolated into SQL queries. The root cause is lacking input sanitiza...
CVE-2020-6131
SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6130
SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6130
OS4Ed openSIS 7.3 is affected by multiple SQL injection vulnerabilities in the course_period_id parameter across several pages (MassDropSessionSet.php, MassScheduleSessionSet.php, CpSessionSet.php) and related code paths. The underlying cause is improper handling of COURSE_PERIOD_ID, enabling an ...
CVE-2020-6129
SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6129
CVE-2020-6129 affects OS4Ed openSIS 7.3. Multiple SQL injection vulnerabilities exist in the course_period_id parameter across CpSessionSet.php and related MassSchedule/MassDrops/MassScheduleSessionSet.php endpoints. An authenticated HTTP request can trigger the vulnerability, with the attacker e...
Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS
Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-sour...
OS4Ed openSIS DownloadWindow.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...