CVE-2020-6129 MEDIUM

CVE-2020-6129

Vendor N/A

Product OS4ED

Weakness CWE-89 · SQLi

Published September 1, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Key dates

02Disclosure timeline

September 1, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-6129

Related vulnerabilities

04Related CVE

CVE-2026-42742 WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability CVE-2025-7491 PHPGurukul Vehicle Parking Management System manage-outgoingvehicle.php sql injection CVE-2011-0467 SQL injection in SUSE studio via select parameter CVE-2023-5435 Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2018-25075 karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection