5 matches found
CVE-2020-6129
SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6129
SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6129
SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. The courseperiodid parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6129
CVE-2020-6129 affects OS4Ed openSIS 7.3. Multiple SQL injection vulnerabilities exist in the course_period_id parameter across CpSessionSet.php and related MassSchedule/MassDrops/MassScheduleSessionSet.php endpoints. An authenticated HTTP request can trigger the vulnerability, with the attacker e...
OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed...