» 2020 » 9월

CVE-2020-2248

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-2248

Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability.

Source: CVE-2020-2248

CVE-2020-6117

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6117

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6117

CVE-2020-6118

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6118

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6118

CVE-2020-6123

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6123

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6123

CVE-2020-6120

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6120

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6120

CVE-2020-6119

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6119

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6119

CVE-2020-2250

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-2250

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

Source: CVE-2020-2250

CVE-2020-2247

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-2247

Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Source: CVE-2020-2247

CVE-2020-2246

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-2246

Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.

Source: CVE-2020-2246

CVE-2020-6122

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6122

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6122