4 matches found
EUVD-2021-27531
Malicious code in bioql PyPI...
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...
Sql injection
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637...
CVE-2020-6637
OpenSIS Community Edition 7.3 is affected by CVE-2020-6637: a SQL injection through the USERNAME parameter in index.php. The Nuclei template confirms SQLi in OpenSIS 7.3 and describes the impact as the ability to execute arbitrary SQL queries, potentially leading to data access or manipulation. T...