CyberSec.Space Logo
Back to CVE Browser

CVE-2020-13380

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile24.87th
PublishedJul 1, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

openSIS before 7.4 allows SQL Injection.

Affected Platforms (CPE)

πŸ“¦
Os4ed

Opensis

<= 7.4

References & Advisories

πŸ”— https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8
πŸ”— https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html
πŸ”— https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8
πŸ”— https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

Related Vulnerabilities

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-61409.8

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in t...