715 matches found
CVE-2020-13380
openSIS before 7.4 allows SQL Injection...
CVE-2020-13380
OpenSIS 7.4 and earlier are affected by a SQL Injection vulnerability. The issue arises from insufficient validation of externally supplied SQL statements in database-backed components, enabling potentially unauthorized data access and manipulation. Affected parts include multiple endpoints (e.g....
OpenSIS 7.4 SQL Injection
SQL Injection vulnerability in OpenSIS eventid parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
PT-2020-13508 · Os4Ed · Opensis
Name of the Vulnerable Software and Affected Versions: openSIS versions prior to 7.5 Description: The issue allows Directory Traversal. Recommendations: For openSIS versions prior to 7.5, update to version 7.5 or later to resolve the issue...
PT-2020-13506 · Os4Ed · Opensis
Name of the Vulnerable Software and Affected Versions: openSIS versions prior to 7.5 Description: The issue allows SQL Injection. Recommendations: For openSIS versions prior to 7.5, update to version 7.5 or later to resolve the issue...
openSIS Unauthenticated PHP Code Execution
This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which...
openSIS 7.4 Multiple SQL Injection Vulnerabilties
Exploit for php platform in category web applications ----------------------------------------------------- openSIS = 7.4 Multiple SQL Injection Vulnerabilities ----------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior...
openSIS 7.4 Local File Inclusion Vulnerability
Exploit for php platform in category web applications -------------------------------------------------------------- openSIS = 7.4 Bottom.php Local File Inclusion Vulnerability -------------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions...
openSIS 7.4 SQL Injection
----------------------------------------------------- openSIS = 7.4 Multiple SQL Injection Vulnerabilities ----------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior versions. - Vulnerabilities Description: The applicatio...
openSIS 7.4 Incorrect Access Control
------------------------------------------------------- openSIS = 7.4 Incorrect Access Control Vulnerabilities ------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior versions. - Vulnerabilities Description: The...
openSIS 7.4 Incorrect Access Control Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------- openSIS = 7.4 Incorrect Access Control Vulnerabilities ------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and...
openSIS 7.4 Local File Inclusion
-------------------------------------------------------------- openSIS = 7.4 Bottom.php Local File Inclusion Vulnerability -------------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior versions. - Vulnerability...
CVE-2014-8366
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...
Sql injection
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...
CVE-2014-8366
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...
CVE-2014-8366
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...
CVE-2014-8366
CVE-2014-8366 affects openSIS 4.5–5.3, where an SQL injection flaw in index.php allows remote attackers to execute arbitrary SQL via the Username and password fields. Root cause is improper handling of user-supplied input in the login mechanism, enabling manipulation of the underlying database. R...
OpenSIS ajax.php modname Code Execution (CVE-2013-1349)
A remote code execution vulnerability has been reported in OpenSIS. The vulnerability is due to insufficient validation of modname parameter while parsing requests to ajax.php module. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...
openSIS 4.5/5.3 'index.php' SQLi Vulnerability - Active Check
openSIS is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSIS 'modname' - PHP Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...