CVE-2020-6131

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
01/09/2020
Last modified:
31/05/2022

Description

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:os4ed:opensis:7.3:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools