73 matches found
openSIS Classic v9.1 - SQL Injection
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands. id: CVE-2024-51211...
EUVD-2021-27718
Malicious code in bioql PyPI...
EUVD-2023-42648
Malicious code in bioql PyPI...
EUVD-2022-31581
Malicious code in bioql PyPI...
EUVD-2023-42651
Malicious code in bioql PyPI...
EUVD-2021-27792
Malicious code in bioql PyPI...
EUVD-2023-42652
Malicious code in bioql PyPI...
EUVD-2023-42647
Malicious code in bioql PyPI...
EUVD-2023-42649
Malicious code in bioql PyPI...
CVE-2024-46626
OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload...
CVE-2023-38885
OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state-changing request...
CVE-2023-38883
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...
CVE-2023-38884
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'...
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...
CVE-2023-38882
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...
CVE-2022-27041
Due to lack of protection, parameter studentid in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases...
VulnCheck KEV: CVE-2024-51211
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...
CVE-2024-51211
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...