返回 CVE 瀏覽器

CVE-2020-13381

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1060%

EPSS Percentile11.32th

Published2020年7月1日

Last Modified2024年11月21日

Vulnerability Description

openSIS through 7.4 allows SQL Injection.

Affected Platforms (CPE)

📦

Os4ed

Opensis

<= 7.4

References & Advisories

🔗 http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html

🔗 https://github.com/OS4ED/openSIS-Responsive-Design/commits/master

🔗 https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

🔗 http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html

🔗 https://github.com/OS4ED/openSIS-Responsive-Design/commits/master

🔗 https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

相關漏洞威脅

CVE-2020-66379.8

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVE-2020-61419.8

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP reques...

CVE-2020-133809.8

openSIS before 7.4 allows SQL Injection.

CVE-2020-61409.8

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in t...