CVE-2021-40353: SQL Injection
First published: Wed Sep 01 2021(Updated: )
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OS4Ed OpenSIS | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-40353.
What is the severity of CVE-2021-40353?
CVE-2021-40353 has a severity rating of 9.8 (critical).
What is the affected software for CVE-2021-40353?
The affected software for CVE-2021-40353 is OpenSIS version 8.0.
What is the description of CVE-2021-40353?
CVE-2021-40353 is a SQL injection vulnerability in OpenSIS version 8.0 when MySQL or MariaDB is used as the application database.
How can an attacker exploit CVE-2021-40353?
An attacker can exploit CVE-2021-40353 by issuing a SQL command through the index.php USERNAME parameter.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/os4ed
- canonical/os4ed opensis
- version/os4ed opensis/8.0