CVE-2024-51211 PoC — openSIS-Classic 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51211.yaml

Associated Vulnerability

Title:openSIS-Classic 安全漏洞 (CVE-2024-51211)
Description:Open Solutions For Education OpenSis-Classic是美国Open Solutions For Education公司的一个开源的商业级、安全、可扩展和直观的学生信息系统、学校管理软件。 openSIS-Classic 9.1 版本存在安全漏洞，该漏洞源于resetuserinfo.php文件中的username_stn_id参数包含一个输入验证不当问题，导致SQL注入。

Description

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.

File Snapshot


 id: CVE-2024-51211

info:
  name: openSIS Classic v9.1 - SQL Injection
  author: Haliteroglu
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!