SQL Injection Vulnerability in OS4Ed openSIS 7.3: MassScheduleSessionSet.php

SQL Injection Vulnerability in OS4Ed openSIS 7.3: MassScheduleSessionSet.php

CVE-2020-6131 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Learn more about our Web Application Penetration Testing UK.