Lucene search
K

712 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:12 a.m.17 views

CVE-2024-35584

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to...

8.8CVSS9.3AI score0.05695EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.8 views

CVE-2024-46626

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload...

8.8CVSS8.2AI score0.00881EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.9 views

CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery CSRF protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request...

8.8CVSS6.8AI score0.00365EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.12 views

CVE-2023-38883

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...

6.1CVSS6.1AI score0.00631EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.11 views

CVE-2023-38884

An Insecure Direct Object Reference IDOR vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...

7.5CVSS7.1AI score0.00878EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.9 views

CVE-2023-38879

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...

7.5CVSS7AI score0.03663EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.9 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...

9.8CVSS7AI score0.00959EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.16 views

CVE-2023-38882

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...

6.1CVSS6.1AI score0.00631EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:21 a.m.5 views

CVE-2023-38881

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...

6.1CVSS6.1AI score0.00623EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.10 views

CVE-2022-45962

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php...

6.5CVSS8.1AI score0.00901EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 p.m.7 views

CVE-2022-27041

Due to lack of protection, parameter studentid in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases...

7.5CVSS7.2AI score0.01312EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:20 p.m.6 views

CVE-2021-41679

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter...

9.8CVSS8AI score0.01305EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.5 views

CVE-2021-39377

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the index.php username parameter...

9.8CVSS7.3AI score0.03604EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.6 views

CVE-2021-40637

OS4ED openSIS 8.0 is affected by cross-site scripting XSS in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user...

6.1CVSS5.8AI score0.00774EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:45 p.m.5 views

CVE-2021-40636

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database...

7.5CVSS7.8AI score0.0126EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:44 p.m.7 views

CVE-2021-40635

OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database...

7.5CVSS7.4AI score0.0126EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:44 p.m.7 views

CVE-2021-40310

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting XSS vulnerability in the TakeAttendance.php via the cpidmissattn parameter...

5.4CVSS5.7AI score0.00812EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/22 6:10 p.m.10 views

CVE-2021-39378

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the NamesList.php str parameter...

9.8CVSS8.1AI score0.22669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 p.m.7 views

CVE-2021-39379

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the ResetUserInfo.php passwordstnid parameter...

9.8CVSS8.1AI score0.03634EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:33 p.m.8 views

CVE-2020-27408

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users...

7.5CVSS7.4AI score0.01654EPSS
Exploits1
Rows per page
Query Builder