CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6637

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile41.28th
PublishedAug 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

Affected Platforms (CPE)

πŸ“¦
Os4ed

Opensis

= 7.3

References & Advisories

πŸ”— https://cinzinga.com/CVE-2020-6637/
πŸ”— https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8
πŸ”— https://opensis.com/
πŸ”— https://sourceforge.net/projects/opensis-ce/files/
πŸ”— https://cinzinga.com/CVE-2020-6637/
πŸ”— https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8
πŸ”— https://opensis.com/
πŸ”— https://sourceforge.net/projects/opensis-ce/files/

Related Vulnerabilities

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61409.8

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in t...