SQL Injection Vulnerability in OS4Ed openSIS 7.3: Exploiting the course_period_id Parameter in CpSessionSet.php

CVE-2020-6129 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
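
A defender-side check for the issue described above, added here as an example and not taken from the advisory or from openSIS: it scans web access logs for requests to CpSessionSet.php whose course_period_id is not a plain integer. It assumes the parameter is a numeric ID carried in the URL query string and that the server writes combined-format access logs; the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /CpSessionSet.php?course_period_id=42 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2021:10:00:05 +0000] "GET /CpSessionSet.php?course_period_id=42%27 HTTP/1.1" 200 87
192.0.2.11 - - [01/Jan/2021:10:00:09 +0000] "GET /CpSessionSet.php?course_period_id=42+OR+1%3D1 HTTP/1.1" 200 2048
192.0.2.12 - - [01/Jan/2021:10:01:00 +0000] "GET /Modules.php?modname=x&course_period_id=abc HTTP/1.1" 200 100
192.0.2.13 - - [01/Jan/2021:10:02:00 +0000] "POST /CpSessionSet.php HTTP/1.1" 200 300
"""

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PAGE = "cpsessionset.php"   # page named in the advisory
PARAM = "course_period_id"         # parameter named in the advisory


def suspicious_requests(log_text):
    """Return (client_ip, decoded_value) for each request to CpSessionSet.php
    whose course_period_id appears in the URL but is not a plain integer.

    Assumption: a legitimate value is a numeric ID. POST bodies are not in
    access logs, so body-borne values need WAF or application logging.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + TARGET_PAGE):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric {PARAM}: {value!r}")
```

Because the vulnerable request is authenticated, correlating each flagged client address with the session or account that issued it narrows down which credentials to review.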