CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6139

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1080
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1080

Products affected by CVE-2020-6139

Os4ed » Opensis » Version: 7.3

cpe:2.3:a:os4ed:opensis:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6139

Products

Pricing

Contact Us