CVE-2021-40309
CVE-2021-40309 describes a SQL injection in OS4Ed’s OpenSIS 8.0, specifically in the TakeAttendance.php cp_id_miss_attn parameter. The vulnerability can be triggered by an authenticated user with access to the Take Attendance functionality, enabling an attacker to inject SQL queries. Connected so...