CVE-2020-6120

HIGH

OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php fn Parameter

Title source: llm
STIX 2.1

Description

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072

Scores

CVSS v3 8.8
EPSS 0.0140
EPSS Percentile 69.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
os4ed/opensis 7.3
Published Sep 01, 2020
Tracked Since Feb 18, 2026