CVE-2020-6125
Published: 2020-09-01
Priority: P3 · 50 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.80% (75.8th percentile)
An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| os4ed | opensis | — | — |
CVSS provenance
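| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 6.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |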
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS
blogs_talos·2020-08-31·CVSS 8.8
[HIGH] Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS
Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw
Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-source versions and allows schools to create schedules and track attendance, grades and transcripts. An adversary could take advantage of these bugs to carry out a range of malicious activities, including SQL injection and remote code execution.
In accordance with our coordinated disclosure policy, Cisco Talos worked with OpenSIS to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability details
OS4Ed openSIS CheckDuplicateStudent.php page SQ
Bugzilla
CVE-2020-15719 openldap: Certificate validation incorrectly matches name against CN-ID
bugzilla·2020-07-02·CVSS 4.2
[MEDIUM] CVE-2020-15719 openldap: Certificate validation incorrectly matches name against CN-ID
OpenLDAP library, libldap, fails to strictly follow RFC 6125 during certificate validation.
During certificate validation, a client matches the server's name against the Common Name identifier when other non-matching identifiers are present.
This is explicitly denied in RFC 6125 (section 6.4.4, Checking of Common Names):
```
As noted, a client MUST NOT seek a match for a reference identifier
of CN-ID if the presented identifiers include a DNS-ID, SRV-ID,
URI-ID, or any application-specific identifier types supported by the
client.
```
This may help an attacker to force a client to consider a specially crafted certificate as valid, which could be used for a Person in the Middle attack.
Discussion:
Published: 2020-09-01