CVE-2020-6129
6.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | OS4ED | OS4Ed openSIS 7.3 | affected |
Weaknesses
- CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.