7 matches found
CVE-2025-65594
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users...
EUVD-2025-9608
Malicious code in bioql PyPI...
PT-2025-29581 · Opensips · Opensis
Name of the Vulnerable Software and Affected Versions: openSIS version 9.1
Description: A SQL Injection issue exists in openSIS version 9.1. A remote attacker can execute arbitrary code by manipulating the id parameter in the Ajax.php file.
Recommendations: Apply input validation and sanitization...
CVE-2021-41679
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the period parameter of /opensis/modules/grades/InputFinalGrades.php...
CVE-2021-39377
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL/MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL/MariaDB database through the index.php username parameter...
CVE-2025-22930
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php...
openSIS SQL Injection Vulnerability (CNVD-2020-51257)
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the email parameter in EmailCheck.php in openSIS 7.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injection attack...