CVE-2020-6138 CRITICAL

CVE-2020-6138

Vendor N/A

Product OS4Ed

Weakness CWE-89 · SQLi

Published September 1, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

September 1, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-6138 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-2088 PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal CVE-2025-3352 PHPGurukul Old Age Home Management System edit-scdetails.php sql injection CVE-2023-35915 WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection