{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:19:27.546","vulnerabilities":[{"cve":{"id":"CVE-2021-40353","sourceIdentifier":"cve@mitre.org","published":"2021-09-01T01:15:07.027","lastModified":"2024-11-21T06:23:56.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637."},{"lang":"es","value":"Se presenta una vulnerabilidad de inyección SQL en la versión 8.0 de openSIS cuando MySQL o MariaDB es usado como base de datos de la aplicación. Un atacante puede emitir el comando SQL por medio del parámetro index.php USERNAME. NOTA: este problema puede existir debido a una solución incompleta para CVE-2020-6637"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"n
vd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:os4ed:opensis:8.0:*:*:*:*:*:*:*","matchCriteriaId":"20B5286C-4CFF-4710-8D23-C76669FADFE7"}]}]}],"references":[{"url":"https://github.com/5qu1n7/CVE-2021-40353","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.opensis.com/download/english","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/5qu1n7/CVE-2021-40353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.opensis.com/download/english","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}