openSIS Classic v9.1 - SQL Injection

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands. id: CVE-2024-51211...

EUVD-2023-42648

Malicious code in bioql PyPI...

EUVD-2021-27718

Malicious code in bioql PyPI...

EUVD-2022-31581

Malicious code in bioql PyPI...

EUVD-2023-42651

Malicious code in bioql PyPI...

EUVD-2023-42649

Malicious code in bioql PyPI...

EUVD-2023-42647

Malicious code in bioql PyPI...

EUVD-2023-42652

Malicious code in bioql PyPI...

EUVD-2021-27792

Malicious code in bioql PyPI...

CVE-2024-46626

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload...

CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery CSRF protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request...

CVE-2023-38883

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...

CVE-2023-38884

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

CVE-2023-38879

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...

CVE-2023-38882

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...

CVE-2022-27041

Due to lack of protection, parameter studentid in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases...

VulnCheck KEV: CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...