CVE-2020-6134
published 2020-09-01CVE-2020-6134: SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL…
PriorityP347high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.40%
69.2th percentile
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| os4ed | opensis | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.06.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p22x-x8mg-qrqm: SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7
ghsa_unreviewed·2022-05-24
CVE-2020-6134 [MEDIUM] CWE-89 GHSA-p22x-x8mg-qrqm: SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Red Hat
keycloak: reflected XSS via wildcard in OIDC redirect_uri
vendor_redhat·2023-11-14·CVSS 6.1
CVE-2023-6134 [MEDIUM] CWE-79 keycloak: reflected XSS via wildcard in OIDC redirect_uri
keycloak: reflected XSS via wildcard in OIDC redirect_uri
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-09-01
Published