3 matches found
CVE-2020-6137
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The passwordstfemail parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-6137
CVE-2020-6137 affects OS4Ed openSIS 7.3 and is a SQL injection in the password reset feature. The vulnerability occurs in ResetUserInfo.php via parameters such as password_stf_email, uname, and related fields, due to insufficient input sanitization, enabling an attacker to craft HTTP requests to ...
CVE-2020-6137
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The passwordstfemail parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...