CVE-2020-6132: SQL Injection
First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4Ed OpenSIS | =7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-6132.
What is the severity of CVE-2020-6132?
The severity of CVE-2020-6132 is high.
What software is affected by CVE-2020-6132?
OS4Ed OpenSIS version 7.3 is affected by CVE-2020-6132.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-89.
How can I mitigate the risk of CVE-2020-6132?
To mitigate the risk of CVE-2020-6132, apply the latest security patches or updates provided by OS4Ed for OpenSIS version 7.3, and validate user input to prevent SQL injection attacks.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/references
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/os4ed
- canonical/os4ed opensis
- version/os4ed opensis/7.3