漏洞描述
openSIS 8.0 中存在SQL注入漏洞。该漏洞是由于NamesList.php中对参数中的恶意数据校验不足导致的。
OpenSIS 8.0 CVE-2021-39378 SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- openSIS v9.1存在路径遍历(CVE-2023-38879)
- POC CVE-2020-6637: OpenSIS 7.3 - SQL Injection
- POC CVE-2021-40542: Opensis-Classic 8.0 - Cross-Site Scripting
- POC CVE-2021-40651: OS4Ed OpenSIS Community 8.0 - Local File Inclusion
- POC CVE-2021-41691: openSIS Student Information System 8.0 SQL Injection
- POC CVE-2023-38879: openSIS v9.0 - Path Traversal
- POC CVE-2024-35584: openSIS < 9.1 - SQL Injection
- POC CVE-2024-51211: openSIS Classic v9.1 - SQL Injection
- POC opensis-installer: openSIS Installation Wizard
- POC opensis-lfi: openSIS 5.1 - Local File Inclusion
- openSIS v9.0 /DownloadWindow.php 目录遍历漏洞(CVE-2023-38879)
- openSIS登录口SQL注入漏洞(CVE-2020-6141,CVE-2020-6637)