CVE-2020-6134: SQL Injection
First published: Tue Sep 01 2020(Updated: )
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4Ed OpenSIS | =7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-6134?
CVE-2020-6134 is a SQL injection vulnerability in the ID parameters of OS4Ed openSIS 7.3 pages.
How severe is CVE-2020-6134?
CVE-2020-6134 has a severity rating of 8.8 (high).
What is the affected software for CVE-2020-6134?
The affected software for CVE-2020-6134 is OS4Ed OpenSIS 7.3.
How can an attacker exploit CVE-2020-6134?
An attacker can exploit CVE-2020-6134 by making an authenticated HTTP request with a malicious ID parameter to trigger the SQL injection vulnerability.
Is there a fix available for CVE-2020-6134?
Currently, there is no information available regarding a fix for CVE-2020-6134. It is recommended to follow the vendor's advisories and implement any provided patches or updates when they become available.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/os4ed
- canonical/os4ed opensis
- version/os4ed opensis/7.3