An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
References
| Link | Resource |
|---|---|
| https://github.com/OS4ED/openSIS-Classic/issues/193 | Exploit Issue Tracking Third Party Advisory |
| https://github.com/OS4ED/openSIS-Classic/issues/193 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 06:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/OS4ED/openSIS-Classic/issues/193 - Exploit, Issue Tracking, Third Party Advisory |
19 Oct 2021, 12:33
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| CPE | cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:* | |
| CWE | CWE-89 | |
| References | (MISC) https://github.com/OS4ED/openSIS-Classic/issues/193 - Exploit, Issue Tracking, Third Party Advisory |
12 Oct 2021, 19:49
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-10-12 18:15
Updated : 2024-11-21 06:24
NVD link : CVE-2021-40618
Mitre link : CVE-2021-40618
CVE.ORG link : CVE-2021-40618
JSON object : View
Products Affected
os4ed
- opensis
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')