Описание
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-45962
- https://github.com/OS4ED/openSIS-Classic/commit/81799fd1de74d7b4bf3c4c37ad6042214e48a469
- https://github.com/OS4ED/openSIS-Classic/commit/81799fd1de74d7b4bf3c4c37ad6042214e48a469#diff-06a8cd9b045bb97531de5ba5122272ffdd519a78b1daa12060e12e337c8d2016
- https://ccat.gitbook.io/cyber-sec/cve/cve-2022-45962-postauth-sqli
- https://github.com/OS4ED/openSIS-Classic
- https://github.com/OS4ED/openSIS-Classic/blob/381a1ad907285182c88e30b8bb6ce91123d9275d/CalendarModal.php#L30
Связанные уязвимости
CVSS3: 6.5
nvd
почти 3 года назад
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.