18 matches found
CVE-2021-39379
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter...
CVE-2024-51211
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...
CVE-2024-51211
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...
CVE-2024-51211
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...
PT-2024-34564 · Os4Ed · Opensis Classic
Name of the Vulnerable Software and Affected Versions: OS4ED openSIS-Classic version 9.1 Description: A SQL injection issue exists due to improper input validation of the username_stn_id parameter in the resetuserinfo.php file, allowing an attacker to inject arbitrary SQL commands. Recommendation...
CVE-2024-51211
openSIS-Classic 9.1 (OS4ED) contains a SQL injection in resetuserinfo.php via improper input validation of the username_stn_id parameter, enabling an attacker to inject arbitrary SQL commands. Affected component/file: resetuserinfo.php in OS4ED openSIS-Classic version 9.1. Root cause: insufficien...
openSIS-Classic Security Vulnerability
Open Solutions For Education OpenSis-Classic is an open source commercial-grade, secure, scalable and intuitive student information system, school management software from Open Solutions For Education, Inc. A security vulnerability exists in openSIS-Classic version 9.1, which stems from the...
openSIS SQL Injection Vulnerability (CNVD-2021-93905)
openSIS is a free and open source student information system/school management software. openSIS version 8.0 is vulnerable to SQL injection when using MySQL (MariaDB) as the application database. An attacker can exploit this vulnerability to issue SQL commands to the MySQL (MariaDB) database via the...
CVE-2021-39379
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter...
CVE-2021-39379
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter...
CVE-2021-39379
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter...
Open Solutions For Education openSIS SQL Injection Vulnerability
openSIS is a free and open source student information system/school management software. openSIS version 8.0 is vulnerable to SQL injection when using MySQL (MariaDB) as the application database. An attacker can exploit this vulnerability to issue SQL commands to the MySQL (MariaDB) database via the...
CVE-2020-27408
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users...
CVE-2020-27408
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users...
Design/Logic Flaw
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users...
CVE-2020-27408
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users...
CVE-2020-27408
OpenSIS Community Edition up to version 7.6 is affected by an access-control flaw in ResetUserInfo.php that lets an unauthenticated attacker change arbitrary user passwords. The root cause is improper access controls on the ResetUserInfo.php endpoint, enabling password modification without authen...
Open Solutions For Education openSIS Encryption Problem Vulnerability
Open Solutions For Education openSIS is an open source student information management system from Open Solutions for Education OSE. A vulnerability exists in OpenSIS Community Edition version 7.6 and prior versions due to an encryption issue that originates from incorrect access controls in the...