CVE-2020-6118 MEDIUM

CVE-2020-6118

Vendor N/A

Product OS4ED"

Weakness CWE-89 · SQLi

Published September 1, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

September 1, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-6118

Related vulnerabilities

04Related CVE

CVE-2022-21643 SQL Injection in USOC CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php CVE-2025-13289 1000projects Design & Development of Student Database Management System SubjectDetails.php sql injection CVE-2023-6655 Hongjing e-HR Login Interface loadhistroyorgtree sql injection CVE-2025-2984 code-projects Payroll Management System delete.php sql injection