CyberSec.Space Logo
Back to CVE Browser

CVE-2020-13381

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1060%
EPSS Percentile11.32th
PublishedJul 1, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

openSIS through 7.4 allows SQL Injection.

Affected Platforms (CPE)

πŸ“¦
Os4ed

Opensis

<= 7.4

References & Advisories

πŸ”— http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html
πŸ”— https://github.com/OS4ED/openSIS-Responsive-Design/commits/master
πŸ”— https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html
πŸ”— http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html
πŸ”— https://github.com/OS4ED/openSIS-Responsive-Design/commits/master
πŸ”— https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

Related Vulnerabilities

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61409.8

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in t...