CVE-2022-27041 · Vexday

CVE-2022-27041

EPSS 1.3%

Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/OS4ED/openSIS-Classic/issues/248