CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-6140

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile14.87th
Published2020年9月1日
Last Modified2024年11月21日

Vulnerability Description

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Affected Platforms (CPE)

📦
Os4ed

Opensis

= 7.3

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1080
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1080

相关漏洞威胁

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-133819.8

openSIS through 7.4 allows SQL Injection.

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...