715 matches found
OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed...
OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7...
OS4Ed openSIS Modules.php remote code execution vulnerability
Summary A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities
Summary Multiple SQL injection vulnerabilities exist in the password reset functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
OS4Ed openSIS email parameter SQL injection vulnerability
Summary An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS Validator.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...
OS4Ed openSIS GetSchool.php SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...
OS4Ed openSIS install remote code execution vulnerability
Summary A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. A specially crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.4 Product URLs...
OS4Ed openSIS id parameter multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS login SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability August 31, 2020 CVE Number CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122 SUMMARY Multiple exploitable SQL injection vulnerabilities exist in th...
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...
Sql injection
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...
CVE-2020-6637
OpenSIS Community Edition 7.3 is affected by CVE-2020-6637: a SQL injection through the USERNAME parameter in index.php. The Nuclei template confirms SQLi in OpenSIS 7.3 and describes the impact as the ability to execute arbitrary SQL queries, potentially leading to data access or manipulation. T...
openSIS 7.4 Unauthenticated PHP Code Execution Exploit
This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to...
openSIS 7.4 Unauthenticated PHP Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'openSIS Unauthenticated PHP Code Execution', 'Description' = %q This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions...
Unspecified Vulnerability in Open Solutions for Education openSIS (CNVD-2021-19767)
Open Solutions for Education openSIS is a U.S. Open Solutions for Education, Inc. open source student information management system . A security vulnerability exists in Open Solutions for Education openSIS 7.4 and prior versions that stems from improper access control. An attacker could exploit t...
Unspecified Vulnerability in Open Solutions for Education openSIS
Open Solutions for Education openSIS is a U.S. Open Solutions for Education, Inc. open source student information management system . A security vulnerability exists in the /Bottom.php script in Open Solutions for Education openSIS 7.4 and earlier versions. An attacker can exploit this...