EUVD-2020-27279

Malware in sbrugna...

CVE-2020-6125

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2020-6125

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

Sql injection

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2020-6125

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2020-6125

OS4Ed openSIS 7.3 is affected by a SQL injection in GetSchool.php via the u parameter. The vulnerability allows an authenticated HTTP request to trigger SQL injection, potentially leaking or altering data. TALOS documents the vulnerable code path (GET /opensis/GetSchool.php?title=1&course_period_...

OS4Ed openSIS GetSchool.php SQL injection Vulnerability

Summary An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...