Vulnerability Details CVE-2020-6144
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.108
EPSS Ranking 93.0%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References