📄 openSIS Classic 9.2 Path Traversal

openSIS Classic version 9.2 suffers from a path traversal vulnerability that allows for local file inclusion. ============================================================================================================================================= | Title : openSIS Classic v 9.2 Path Traversa...

EUVD-2020-19920

Malware in sbrugna...

EUVD-2009-0595

Malware in sbrugna...

CVE-2020-27409

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting XSS vulnerability in SideForStudent.php via the modname parameter...

CVE-2021-40651

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php modname parameter, which can disclose arbitrary file from the server's filesystem as long as the application has access to the file...

OpenSIS 8.0 'modname' - Directory Traversal

Exploit Title: OpenSIS 8.0 'modname' - Directory/Path Traversal Date: 09-02-2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux CVE: CVE-2021-40651 The 'modname' parameter in the 'Modules.php' ...

CVE-2020-27409

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting XSS vulnerability in SideForStudent.php via the modname parameter...

CVE-2020-27409

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting XSS vulnerability in SideForStudent.php via the modname parameter...

Cross site scripting

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting XSS vulnerability in SideForStudent.php via the modname parameter...

CVE-2020-27409

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. The issue is consistently described across connected sources as CVE-2020-27409. No explicit exploit details or patch version are provided in the connecte...

CVE-2020-27409

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting XSS vulnerability in SideForStudent.php via the modname parameter...

OpenSIS Community Edition Cross-Site Scripting Vulnerability

Open Solutions For Education openSIS is an open source student information management system from Open Solutions for Education Open Solutions For Education. A cross-site scripting vulnerability exists in OpenSIS Community Edition versions prior to 7.5, which stems from being affected by the...

OpenSIS ajax.php modname Code Execution (CVE-2013-1349)

A remote code execution vulnerability has been reported in OpenSIS. The vulnerability is due to insufficient validation of modname parameter while parsing requests to ajax.php module. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...

PNphpBB2 <= 12i - (ModName) Multiple Local File Inclusion Exploit

No description provided by source. !/usr/bin/perl PNphpBB2 = 1.2i ModName Multiple LFI Exploit by athos - stakerathotmaildotit use strict; use LWP::Simple; use Tk; my $host,$file,$about; my $poc = PNphpBB2 = 1.2i ModName Multiple LFI Exploit; my $obj = new MainWindow-background = 'E4E4E4';...

OpenSIS 'modname' - PHP Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

openSIS &quot;modname&quot; PHP代码注入漏洞

CVECAN ID: CVE-2013-1349 openSIS是开源学生信息系统。 openSIS 5.2版本没有正确过滤ajax.php内的"modname"参数值，可导致注入和执行任意PHP代码。 0 opensis opensis 5.2 厂商补丁： opensis ------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.opensis.com/ openSIS: http://sourceforge.net/p/opensis-ce/bugs/59/ Egidio Romano:...

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

Sql injection

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

Directory traversal

Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in the ModName parameter to 1 adminwords.php, 2 admingroupsreapir.php, 3 adminsmilies.php, 4 adminranks.php, 5 adminstyles.php, and 6...