Monday, August 31, 2020

Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS



Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw

Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial

and open-source versions and allows schools to create schedules and track attendance, grades and transcripts. An adversary could take advantage of these bugs to carry out a range of malicious activities, including SQL injection and remote code execution.

In accordance with our coordinated disclosure policy, Cisco Talos worked with OpenSIS to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability (TALOS-2020-1072/CVE-2020-6117 through CVE-2020-6122)

Multiple exploitable SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request leads to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability (TALOS-2020-1073/CVE-2020-6123/6124)

An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS GetSchool.php SQL injection vulnerability (TALOS-2020-1074/CVE-2020-6125)

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities (TALOS-2020-1075/CVE-2020-6126 through 6128)

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities (TALOS-2020-1076/CVE-2020-6129 through 6131)

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities (TALOS-2020-1077/CVE-2020-6132 through 6134)

Multiple exploitable SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS Validator.php SQL injection vulnerability (TALOS-2020-1078/CVE-2020-6135)

An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS DownloadWindow.php SQL injection vulnerability (TALOS-2020-1079/CVE-2020-6136)

An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities (TALOS-2020-1080/CVE-2020-6137 through 6140)

Multiple SQL injection vulnerabilities exist in the password reset functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS login SQL injection vulnerability (TALOS-2020-1081/CVE-2020-6141)

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS Modules.php remote code execution vulnerability (TALOS-2020-1082/CVE-2020-6142)

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

OS4Ed openSIS Modules.php remote code execution vulnerability (TALOS-2020-1083/CVE-2020-6143/6144)

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. A specially crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 


Versions tested

Talos tested and confirmed that this vulnerability affects OS4Ed openSIS, version 7.4.


Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 54123 - 54144, 54251 - 54264, 54267 - 54269


No comments:

Post a Comment