Opensis
CVE-2020-13382
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
openSIS through 7.4 has Incorrect Access Control.
AnalysisAI
openSIS through 7.4 has Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Affected products include: Os4Ed Opensis. Version information: through 7.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP cod
openSIS through 7.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
openSIS through 7.4 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab
A remote code execution vulnerability in OS4Ed Open Source Information System Community (CVSS 9.8). Critical severity wi
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingL
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. Rat
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. Rated critica
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today