PT-2025-14637 · Opensips · Opensis

Name of the Vulnerable Software and Affected Versions: openSIS versions 7.0 through 9.1 Description: A SQL injection issue was found in the Inbox module via the cp id parameter at the "/modules/messages/Inbox.php" API endpoint. Recommendations: For openSIS versions 7.0 through 9.1, as a temporary...

OS4Ed openSIS Remote Code Execution Vulnerability

Open Solutions for Education openSIS is a U.S. Open Solutions for Education, Inc. open source student information management system . A remote code execution vulnerability exists in 'Modules.php' in OS4Ed openSIS 7.3, which stems from improper design or implementation during code development for ...

Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS

Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-sour...

openSIS 7.4 Incorrect Access Control Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------- openSIS = 7.4 Incorrect Access Control Vulnerabilities ------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and...