» 2020 » 9월

CVE-2020-23450

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-23450

Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.

Source: CVE-2020-23450

CVE-2012-3337

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2012-3337

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.

Source: CVE-2012-3337

CVE-2012-3336

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2012-3336

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.

Source: CVE-2012-3336

CVE-2020-6126

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6126

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Source: CVE-2020-6126

CVE-2020-6124

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6124

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6124

CVE-2020-6134

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6134

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6134

CVE-2020-6133

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6133

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6133

CVE-2020-6128

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6128

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6128

CVE-2020-6132

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6132

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6132

CVE-2020-6125

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6125

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6125