#VU46335 Code Injection in openSIS - CVE-2013-1349

 

Published: December 9, 2013 / Updated: September 9, 2020


Vulnerability identifier: #VU46335
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2013-1349
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: openSIS
Software vendor: Open Solutions for Education

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.


Remediation

Install the update from the vendor's website.

External links