CVE-2020-13381

CRITICAL

openSIS <7.4 - SQL Injection

Title source: llm

Description

openSIS through 7.4 allows SQL Injection.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opensis_chain_exec.rb

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158331/openSIS-7.4-Unauthenticated-PHP-Code-Execution.html

[Third Party Advisory] https://github.com/OS4ED/openSIS-Responsive-Design/commits/master

[Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html

Scores

CVSS v3 9.8

EPSS 0.3631

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

os4ed/opensis < 7.4

Published Jul 01, 2020

Tracked Since Feb 18, 2026