CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-6141

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile22.28th
Published2020年9月1日
Last Modified2024年11月21日

Vulnerability Description

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Affected Platforms (CPE)

📦
Os4ed

Opensis

= 7.3

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1081
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1081

関連する脆弱性情報

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61409.8

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in t...