Opensis@7.0 Security Vulnerabilities and Issues — Opensis@7.0 CVE List

Lucene search

Os4edOpensis7.0

6 matches found

CVE•added 2025/04/03 2:15 p.m.•46 views

CVE-2025-22929

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.

9.8CVSS8.5AI score0.00036EPSS

Web

CVE•added 2025/04/02 9:15 p.m.•45 views

CVE-2025-22924

OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.

8.8CVSS8.2AI score0.00035EPSS

Web

CVE•added 2025/04/02 9:15 p.m.•45 views

CVE-2025-22925

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability.

7.5CVSS8.2AI score0.00088EPSS

Web

CVE•added 2025/04/03 2:15 p.m.•40 views

CVE-2025-22930

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.

9.8CVSS8.5AI score0.00036EPSS

Web

CVE•added 2025/04/03 1:15 p.m.•37 views

CVE-2025-22928

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.

9.8CVSS8.5AI score0.00036EPSS

Web

CVE•added 2025/04/03 2:15 p.m.•37 views

CVE-2025-22931

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.

7.5CVSS7.2AI score0.00106EPSS