Filtered by vendor Os4ed
Subscriptions
Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6123 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6122 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6121 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6120 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6119 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6118 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6117 | 1 Os4ed | 1 Opensis | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27409 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | ||||
| CVE-2020-27408 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | ||||
| CVE-2020-13383 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| openSIS through 7.4 allows Directory Traversal. | ||||
| CVE-2020-13382 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.1 Critical |
| openSIS through 7.4 has Incorrect Access Control. | ||||
| CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS through 7.4 allows SQL Injection. | ||||
| CVE-2020-13380 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| openSIS before 7.4 allows SQL Injection. | ||||
| CVE-2024-46626 | 1 Os4ed | 1 Opensis | 2024-10-04 | 8.8 High |
| OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | ||||