Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensis
(Os4ed)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 65 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-01 | CVE-2020-13380 | openSIS before 7.4 allows SQL Injection. | Opensis | 9.8 | ||
| 2020-07-01 | CVE-2020-13381 | openSIS through 7.4 allows SQL Injection. | Opensis | 9.8 | ||
| 2020-07-01 | CVE-2020-13382 | openSIS through 7.4 has Incorrect Access Control. | Opensis | 9.1 | ||
| 2020-07-01 | CVE-2020-13383 | openSIS through 7.4 allows Directory Traversal. | Opensis | 7.5 | ||
| 2020-08-24 | CVE-2020-6637 | openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | Opensis | 9.8 | ||
| 2020-09-01 | CVE-2020-6117 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | Opensis | 8.8 | ||
| 2020-09-01 | CVE-2020-6118 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | Opensis | 8.8 | ||
| 2020-09-01 | CVE-2020-6119 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | Opensis | 8.8 | ||
| 2020-09-01 | CVE-2020-6120 | SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | Opensis | 8.8 | ||
| 2020-09-01 | CVE-2020-6121 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | Opensis | 8.8 |