SQL Injection Vulnerability Discovered in OpenSIS-Classic v9.1
CVE-2024-46626

8.8HIGH

Key Information:

Vendor: OS4ED
Status: Opensis
Vendor: CVE Published:; 2 October 2024

What is CVE-2024-46626?

The OS4ED openSIS-Classic v9.1 software is prone to a SQL injection vulnerability, which can be exploited by attackers to execute arbitrary SQL queries through carefully crafted input. This flaw poses significant risks, as it can allow unauthorized access to sensitive data and potentially compromise the integrity of the application. Securing the application against such vulnerabilities is crucial for maintaining data confidentiality and application security.

References

https://github.com/d0ub1edd/CVE-Reference/blob/main/CVE-2...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2024

CVE-2024-46626 Data

JSON