Opensis SQL Injection Vulnerability (CNVD-2021-101539)

openSIS is a free and open source student information system/school management software. openSIS version 8.0 is vulnerable to SQL injection. The vulnerability stems from a lack of validation of the input data for the $_GET[‘usrid’] and $_GET[‘prof_id’] parameters in PasswordCheck.php. An attacker could exploit this vulnerability to inject sql code and obtain all information in the database.