Title:Open Solutions for Education openSIS SQL注入漏洞 (CVE-2020-6637) Description:Open Solutions for Education openSIS是美国Open Solutions for Education公司的一套开源的学生信息管理系统。 openSIS Community Edition 7.3版本存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
Description
OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.