First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
OS4Ed OpenSIS | =7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-6128 is a SQL injection vulnerability in the CoursePeriodModal.php page of OS4Ed openSIS 7.3.
CVE-2020-6128 has a severity rating of 8.8 (high).
The affected software version of CVE-2020-6128 is OS4Ed openSIS 7.3.
An attacker can exploit CVE-2020-6128 by sending a specially crafted HTTP request containing malicious SQL code in the meet_date parameter of the CoursePeriodModal.php page.
There is currently no known fix or patch available for CVE-2020-6128. It is recommended to apply security updates or contact the vendor for further information.