CVE-2020-6121: SQL Injection
First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4Ed OpenSIS | =7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this SQL injection vulnerability?
The vulnerability ID is CVE-2020-6121.
What software version is affected by this SQL injection vulnerability?
OS4Ed OpenSIS version 7.3 is affected by this SQL injection vulnerability.
What is the severity rating of CVE-2020-6121?
The severity rating of CVE-2020-6121 is high (8.8).
Which page is vulnerable to SQL injection in OS4Ed OpenSIS 7.3?
The CheckDuplicateStudent.php page in OS4Ed OpenSIS 7.3 is vulnerable to SQL injection.
How can an attacker exploit this SQL injection vulnerability?
An attacker can make an authenticated HTTP request to trigger this SQL injection vulnerability.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/os4ed
- canonical/os4ed opensis
- version/os4ed opensis/7.3