CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40309

A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
https://github.com/OS4ED/openSIS-Classic
https://www.exploit-db.com/exploits/50249
https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
https://github.com/OS4ED/openSIS-Classic
https://www.exploit-db.com/exploits/50249

Products affected by CVE-2021-40309

Os4ed » Opensis » Version: 8.0

cpe:2.3:a:os4ed:opensis:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40309

Products

Pricing

Contact Us