CyberSec.Space Logo
Back to CVE Browser

CVE-2021-39377

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile17.93th
PublishedSep 1, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.

Affected Platforms (CPE)

πŸ“¦
Os4ed

Opensis

= 8.0

References & Advisories

πŸ”— https://github.com/OS4ED/openSIS-Classic
πŸ”— https://github.com/security-n/CVE-2021-39377
πŸ”— https://opensis.com/
πŸ”— https://github.com/OS4ED/openSIS-Classic
πŸ”— https://github.com/security-n/CVE-2021-39377
πŸ”— https://opensis.com/

Related Vulnerabilities

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...