CVE-2020-6132

HIGH

OS4Ed openSIS 7.3 - Authenticated SQL Injection via ChooseCP.php ID Parameter

Title source: llm
STIX 2.1

Description

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077

Scores

CVSS v3 8.8
EPSS 0.0140
EPSS Percentile 69.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
os4ed/opensis 7.3
Published Sep 01, 2020
Tracked Since Feb 18, 2026