openSIS SQL Injection Vulnerability (CNVD-2020-50947)

openSIS is a free, open source student information system/school management software. An SQL injection vulnerability exists in the id parameter in ChooseCP.php in OS4Ed openSIS 7.3, which can be exploited by an attacker sending an HTTP request to conduct an SQL injection attack...

CVE-2020-6132

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2020-6132

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

Sql injection

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

OS4Ed openSIS id parameter multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7.3...