Описание
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:os4ed:opensis:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00435
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
EPSS
Процентиль: 62%
0.00435
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89