SQL Injection Vulnerability in OS4Ed openSIS 7.3
CVE-2020-6117

6.4MEDIUM

Key Information:

Vendor

Os4ed

Status
Os4ed"
Vendor
CVE Published:
1 September 2020

What is CVE-2020-6117?

The OS4Ed openSIS 7.3 product contains a SQL injection vulnerability in the CheckDuplicateStudent.php page. This vulnerability arises from improper handling of the 'bday' parameter, allowing an authenticated attacker to exploit the issue through a crafted HTTP request. This exploitation could lead to unauthorized access to sensitive database information, posing significant risks to data integrity and confidentiality.

Affected Version(s)

OS4ED" OS4Ed openSIS 7.3

References

https://talosintelligence.com/vulnerability_reports/TALOS...
x_refsource_MISC

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

CVSS V3.0

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.