CVE-2020-6127: SQL Injection
First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4Ed OpenSIS | =7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-6127?
CVE-2020-6127 is a SQL injection vulnerability that exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3.
How severe is CVE-2020-6127?
CVE-2020-6127 has a severity score of 8.8, which is classified as high.
Which software versions are affected by CVE-2020-6127?
CVE-2020-6127 affects OS4Ed openSIS 7.3.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-6127?
The Common Weakness Enumeration (CWE) ID for CVE-2020-6127 is CWE-89.
How can I fix the SQL injection vulnerability in CoursePeriodModal.php?
To fix the SQL injection vulnerability in CoursePeriodModal.php, you should implement proper input validation and use parameterized queries or prepared statements.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/os4ed
- canonical/os4ed opensis
- version/os4ed opensis/7.3