CVE-2020-6118: SQL Injection
First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4Ed OpenSIS | =7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-6118.
What is the severity of CVE-2020-6118?
CVE-2020-6118 has a severity rating of 8.8 (high).
Which software version is affected by CVE-2020-6118?
CVE-2020-6118 affects OS4Ed OpenSIS version 7.3.
Which page in OS4Ed OpenSIS is vulnerable to SQL injection?
The CheckDuplicateStudent.php page in OS4Ed OpenSIS is vulnerable to SQL injection.
How can an attacker exploit CVE-2020-6118?
An attacker can exploit CVE-2020-6118 by making an authenticated HTTP request with a malicious input in the bmonth parameter of the CheckDuplicateStudent.php page.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/os4ed
- canonical/os4ed opensis
- version/os4ed opensis/7.3