Home > Vulnerability Database > WS-2022-0453

Mend.io Vulnerability Database

WS-2022-0453

Date: November 25, 2022

SQL injection in OpenSIS Classic v9.0 and earlier allows remote authenticated attackers to execute SQL code via the id parameter in MassScheduleModal.php leading to full database information disclosure.

Language: PHP

Severity Score

6.5

Related Resources (2)

Url: https://github.com/os4ed/opensis-classic/commit/60770d9f2afe76f17f230bc7068b26689c2f5d04

Url: https://www.mend.io/vulnerability-database/WS-2022-0453

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0453

Date: November 25, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?