openSIS is a free and open source student information system/school management software. openSIS version 8.0 has ADDR_CONT_USRN, ADDR_CONT_PSWD, SECN_CONT_USRN, SECN_CONT_PSWD parameters in the HoldAddressFields.php SQL injection vulnerability. An attacker could use this vulnerability to obtain sensitive database information.