SQL Injection Vulnerability in CoursePeriodModal.php of OS4Ed openSIS 7.3

SQL Injection Vulnerability in CoursePeriodModal.php of OS4Ed openSIS 7.3

CVE-2020-6128 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.