Description
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | OS4ED | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2020-27283 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: talos
Published:
Updated: 2024-08-04T08:55:21.415Z
Reserved: 2020-01-07T00:00:00.000Z
Link: CVE-2020-6129
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-01T14:15:14.033
Modified: 2024-11-21T05:35:09.977
Link: CVE-2020-6129
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses