CVE-2024-46626

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.

CVE-2024-35584

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation...