CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-39377

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile17.93th
Published2021年9月1日
Last Modified2024年11月21日

Vulnerability Description

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.

Affected Platforms (CPE)

📦
Os4ed

Opensis

= 8.0

References & Advisories

🔗 https://github.com/OS4ED/openSIS-Classic
🔗 https://github.com/security-n/CVE-2021-39377
🔗 https://opensis.com/
🔗 https://github.com/OS4ED/openSIS-Classic
🔗 https://github.com/security-n/CVE-2021-39377
🔗 https://opensis.com/

関連する脆弱性情報

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...