CVEブラウザに戻る

CVE-2020-13380

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0530%

EPSS Percentile24.87th

Published2020年7月1日

Last Modified2024年11月21日

Vulnerability Description

openSIS before 7.4 allows SQL Injection.

Affected Platforms (CPE)

📦

Os4ed

Opensis

<= 7.4

References & Advisories

🔗 https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8

🔗 https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

🔗 https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8

🔗 https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

関連する脆弱性情報

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-61409.8

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in t...