Filtered by vendor Os4ed
Subscriptions
Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6121 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6120 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6119 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6118 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6117 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27409 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | ||||
| CVE-2020-27408 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | ||||
| CVE-2020-13383 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| openSIS through 7.4 allows Directory Traversal. | ||||
| CVE-2020-13382 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.1 Critical |
| openSIS through 7.4 has Incorrect Access Control. | ||||
| CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS through 7.4 allows SQL Injection. | ||||
| CVE-2020-13380 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS before 7.4 allows SQL Injection. | ||||
| CVE-2024-46626 | 1 Os4ed | 1 Opensis | 2024-10-04 | 8.8 High |
| OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | ||||