Lucene search
K

715 matches found

Talos
Talos
added 2020/08/31 12:0 a.m.101 views

OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed...

8.8CVSS8.1AI score0.01403EPSS
Exploits3
Talos
Talos
added 2020/08/31 12:0 a.m.105 views

OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7...

8.8CVSS8.1AI score0.01766EPSS
Exploits3
Talos
Talos
added 2020/08/31 12:0 a.m.79 views

OS4Ed openSIS Modules.php remote code execution vulnerability

Summary A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...

9.9CVSS9.7AI score0.0924EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.85 views

OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities

Summary Multiple SQL injection vulnerabilities exist in the password reset functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...

9.8CVSS9.9AI score0.02634EPSS
Exploits3
Talos
Talos
added 2020/08/31 12:0 a.m.102 views

OS4Ed openSIS email parameter SQL injection vulnerability

Summary An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...

8.8CVSS7.7AI score0.01403EPSS
Exploits2
Talos
Talos
added 2020/08/31 12:0 a.m.72 views

OS4Ed openSIS Validator.php SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...

8.8CVSS7.9AI score0.01803EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.73 views

OS4Ed openSIS GetSchool.php SQL injection Vulnerability

Summary An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...

8.8CVSS7.8AI score0.01803EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.73 views

OS4Ed openSIS install remote code execution vulnerability

Summary A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. A specially crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.4 Product URLs...

10CVSS10AI score0.06172EPSS
Exploits2
Talos
Talos
added 2020/08/31 12:0 a.m.92 views

OS4Ed openSIS id parameter multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7.3...

8.8CVSS8.1AI score0.01403EPSS
Exploits3
Talos
Talos
added 2020/08/31 12:0 a.m.94 views

OS4Ed openSIS login SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...

9.8CVSS9.9AI score0.03938EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.112 views

OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability

Talos Vulnerability Report TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability August 31, 2020 CVE Number CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122 SUMMARY Multiple exploitable SQL injection vulnerabilities exist in th...

8.8CVSS8.1AI score0.01403EPSS
Exploits6
NVD
NVD
added 2020/08/24 7:15 p.m.18 views

CVE-2020-6637

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...

9.8CVSS9.9AI score0.20058EPSS
Exploits1References4
OSV
OSV
added 2020/08/24 7:15 p.m.11 views

CVE-2020-6637

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...

9.8CVSS7.7AI score0.20058EPSS
Exploits1References4
Prion
Prion
added 2020/08/24 7:15 p.m.14 views

Sql injection

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...

7.5CVSS9.8AI score0.20058EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/08/24 7:1 p.m.26 views

CVE-2020-6637

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...

9.9AI score0.20058EPSS
Exploits1References4
CVE
CVE
added 2020/08/24 7:1 p.m.61 views

CVE-2020-6637

OpenSIS Community Edition 7.3 is affected by CVE-2020-6637: a SQL injection through the USERNAME parameter in index.php. The Nuclei template confirms SQLi in OpenSIS 7.3 and describes the impact as the ability to execute arbitrary SQL queries, potentially leading to data access or manipulation. T...

9.8CVSS9.7AI score0.20058EPSS
Exploits1References4Affected Software1
0day.today
0day.today
added 2020/07/07 12:0 a.m.276 views

openSIS 7.4 Unauthenticated PHP Code Execution Exploit

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to...

9.8CVSS9.1AI score0.69605EPSS
Exploits12
Packet Storm
Packet Storm
added 2020/07/06 12:0 a.m.176 views

openSIS 7.4 Unauthenticated PHP Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'openSIS Unauthenticated PHP Code Execution', 'Description' = %q This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions...

7.5CVSS0.7AI score0.69605EPSS
Exploits12
CNVD
CNVD
added 2020/07/02 12:0 a.m.7 views

Unspecified Vulnerability in Open Solutions for Education openSIS (CNVD-2021-19767)

Open Solutions for Education openSIS is a U.S. Open Solutions for Education, Inc. open source student information management system . A security vulnerability exists in Open Solutions for Education openSIS 7.4 and prior versions that stems from improper access control. An attacker could exploit t...

9.1CVSS6.5AI score0.52814EPSS
Exploits6References1
CNVD
CNVD
added 2020/07/02 12:0 a.m.7 views

Unspecified Vulnerability in Open Solutions for Education openSIS

Open Solutions for Education openSIS is a U.S. Open Solutions for Education, Inc. open source student information management system . A security vulnerability exists in the /Bottom.php script in Open Solutions for Education openSIS 7.4 and earlier versions. An attacker can exploit this...

7.5CVSS7AI score0.69605EPSS
Exploits6References1
Rows per page
Query Builder