CVE-2020-6133: SQL Injection
First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4ED openSIS-Classic | =7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-6133?
The severity of CVE-2020-6133 is high.
What is the affected software for CVE-2020-6133?
The affected software for CVE-2020-6133 is OS4Ed OpenSIS 7.3.
How does the SQL injection vulnerability in CVE-2020-6133 occur?
The SQL injection vulnerability in CVE-2020-6133 occurs in the ID parameter of the page CourseMoreInfo.php in OS4Ed OpenSIS 7.3, allowing an attacker to execute arbitrary SQL queries.
What can an attacker do with the SQL injection vulnerability in CVE-2020-6133?
An attacker can make an authenticated HTTP request to trigger the SQL injection vulnerability in CVE-2020-6133 and potentially gain unauthorized access to the database or execute malicious SQL queries.
How can I mitigate the SQL injection vulnerability in CVE-2020-6133?
To mitigate the SQL injection vulnerability in CVE-2020-6133, it is recommended to apply the necessary patches or updates provided by OS4Ed OpenSIS.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/os4ed
- canonical/os4ed opensis-classic
- version/os4ed opensis-classic/7.3