CVE-2020-6123

Source
https://cve.org/CVERecord?id=CVE-2020-6123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-6123
Published
2020-09-01T14:15:13.957Z
Modified
2026-07-08T17:56:43.468760Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

References

Affected packages

Git / github.com/os4ed/opensis-classic

Affected ranges

Type
GIT
Repo
https://github.com/os4ed/opensis-classic
Events
Database specific
{
    "cpe": "cpe:2.3:a:os4ed:opensis:7.3:*:*:*:-:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.3"
        },
        {
            "last_affected": "7.3"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

7.*
7.3
v7.*
v7.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6123.json"