Filtered by vendor Os4ed
Subscribe
Total
65 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6141 | 1 Os4ed | 1 Opensis | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2020-6134 | 1 Os4ed | 1 Opensis | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2020-6136 | 1 Os4ed | 1 Opensis | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||||
CVE-2013-1349 | 1 Os4ed | 1 Opensis | 2023-12-10 | 7.5 HIGH | N/A |
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. |