Description
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
References
https://github.com/OS4ED/openSIS-Classic/issues/193
ExploitIssue TrackingThird Party Advisory
https://github.com/OS4ED/openSIS-Classic/issues/193
ExploitIssue TrackingThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
Information
Source identifier
Vulnerability status
Modified
Published
2021-10-12T16:15:08.453Z
4 years agoLast modified
2024-11-21T05:24:28.500Z
1 year ago