what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

CVE-2020-13381

Related Files

openSIS 7.4 Unauthenticated PHP Code Execution

Posted Jul 6, 2020

Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion

advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383

SHA-256 | 942c0ce311ce709dd7c1790955789b1f88040cee422935d166bdf0e150147703

Download | Favorite | View

openSIS 7.4 SQL Injection

Posted Jun 30, 2020

Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection

advisories | CVE-2020-13380, CVE-2020-13381

SHA-256 | 400d9b74c5924b238ccb88c1968e13b4640183baf55f44521ab902c275f4c1d9

Download | Favorite | View