{"containers":{"cna":{"affected":[{"product":"OS4Ed","vendor":"n/a","versions":[{"status":"affected","version":"OS4Ed openSIS 7.3"}]}],"descriptions":[{"lang":"en","value":"SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-09-01T14:14:51.000Z","orgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","shortName":"talos"},"references":[{"tags":["x_refsource_MISC"],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"talos-cna@cisco.com","ID":"CVE-2020-6127","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OS4Ed","version":{"version_data":[{"version_value":"OS4Ed openSIS 7.3"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."}]},"impact":{"cvss":{"baseScore":6.4,"baseSeverity":"Medium","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]},"references":{"reference_data":[{"name":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075","refsource":"MISC","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:55:20.858Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075"}]}]},"cveMetadata":{"assignerOrgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","assignerShortName":"talos","cveId":"CVE-2020-6127","datePublished":"2020-09-01T14:14:51.000Z","dateReserved":"2020-01-07T00:00:00.000Z","dateUpdated":"2024-08-04T08:55:20.858Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}