Total
65 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6128 | 1 Os4ed | 1 Opensis | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2020-13380 | 1 Os4ed | 1 Opensis | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
openSIS before 7.4 allows SQL Injection. | |||||
CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||||
CVE-2013-1349 | 1 Os4ed | 1 Opensis | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. |