Описание
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:os4ed:opensis:9.0:*:*:*:*:*:*:*
cpe:2.3:a:os4ed:opensis:9.1:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.03031
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 1 года назад
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.
EPSS
Процентиль: 86%
0.03031
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89