Os4edOpensis

29 matches found

CVE
added 2020/07/01 3:15 p.m. | 82 views

CVE-2020-13381

openSIS through 7.4 allows SQL Injection.

CVSS 9.8 | AI score 9.6 | EPSS 0.46005

CVE
added 2020/07/01 3:15 p.m. | 79 views

CVE-2020-13382

openSIS through 7.4 has Incorrect Access Control.

CVSS 9.1 | AI score 9.2 | EPSS 0.58623

CVE
added 2021/09/01 1:15 p.m. | 55 views

CVE-2021-39377

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.

CVSS 9.8 | AI score 9.8 | EPSS 0.06999

CVE
added 2024/11/08 7:15 p.m. | 55 views

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.

CVSS 9.8 | AI score 7.9 | EPSS 0.04704

CVE
added 2021/09/01 1:15 a.m. | 54 views

CVE-2021-40353

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637.

CVSS 9.8 | AI score 9.9 | EPSS 0.85184

CVE
added 2020/09/01 9:15 p.m. | 49 views

CVE-2020-6142

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability.

CVSS 9.9 | AI score 9.5 | EPSS 0.32266

CVE
added 2025/04/03 2:15 p.m. | 48 views

CVE-2025-22926

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

CVSS 9.8 | AI score 7.3 | EPSS 0.00794

CVE
added 2025/06/24 4:15 p.m. | 47 views

CVE-2021-41691

A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.

CVSS 9.8 | AI score 6.6 | EPSS 0.04727

CVE
added 2021/09/01 1:15 p.m. | 44 views

CVE-2021-39378

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.

CVSS 9.8 | AI score 9.8 | EPSS 0.25373

CVE
added 2025/04/03 2:15 p.m. | 44 views

CVE-2025-22929

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.

CVSS 9.8 | AI score 8.5 | EPSS 0.00046

CVE
added 2021/09/01 1:15 p.m. | 42 views

CVE-2021-39379

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.

CVSS 9.8 | AI score 9.8 | EPSS 0.06999

CVE
added 2025/04/03 1:15 p.m. | 42 views

CVE-2025-22927

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

CVSS 9.1 | AI score 7.3 | EPSS 0.00745

CVE
added 2021/10/11 7:15 p.m. | 41 views

CVE-2021-40617

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

CVSS 9.8 | AI score 9.9 | EPSS 0.00404

CVE
added 2020/09/01 9:15 p.m. | 40 views

CVE-2020-6140

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS 9.8 | AI score 9.9 | EPSS 0.00717

CVE
added 2020/09/01 6:15 p.m. | 39 views

CVE-2020-6141

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS 9.8 | AI score 9.8 | EPSS 0.10825

CVE
added 2020/08/24 7:15 p.m. | 39 views

CVE-2020-6637

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

CVSS 9.8 | AI score 9.7 | EPSS 0.85184

CVE
added 2020/09/01 9:15 p.m. | 38 views

CVE-2020-6138

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS 9.8 | AI score 9.8 | EPSS 0.00717

CVE
added 2025/04/03 2:15 p.m. | 38 views

CVE-2025-22930

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.

CVSS 9.8 | AI score 8.5 | EPSS 0.00046

CVE
added 2020/09/01 9:15 p.m. | 36 views

CVE-2020-6137

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS 9.8 | AI score 9.9 | EPSS 0.00717

CVE
added 2021/10/12 6:15 p.m. | 36 views

CVE-2021-40618

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

CVSS 9.8 | AI score 9.9 | EPSS 0.00383

CVE
added 2025/04/03 1:15 p.m. | 35 views

CVE-2025-22928

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.

CVSS 9.8 | AI score 8.5 | EPSS 0.00046

CVE
added 2020/09/01 9:15 p.m. | 34 views

CVE-2020-6139

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS 9.8 | AI score 9.9 | EPSS 0.00717

CVE
added 2021/11/30 2:15 p.m. | 34 views

CVE-2021-41678

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.

CVSS 9.8 | AI score 9.9 | EPSS 0.00561

CVE
added 2021/09/16 2:15 p.m. | 33 views

CVE-2021-27341

OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.

CVSS 9.8 | AI score 9.1 | EPSS 0.00836

CVE
added 2021/10/11 1:15 p.m. | 33 views

CVE-2021-40543

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.

CVSS 9.8 | AI score 9.6 | EPSS 0.00245

CVE
added 2021/11/30 2:15 p.m. | 33 views

CVE-2021-41679

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.

CVSS 9.8 | AI score 9.9 | EPSS 0.00561

CVE
added 2020/07/01 3:15 p.m. | 28 views

CVE-2020-13380

openSIS before 7.4 allows SQL Injection.

CVSS 9.8 | AI score 9.7 | EPSS 0.01142

CVE
added 2021/11/30 1:15 p.m. | 27 views

CVE-2021-41677

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.

CVSS 9.8 | AI score 9.9 | EPSS 0.00383

CVE
added 2023/11/20 7:15 p.m. | 24 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. ...

CVSS 9.8 | AI score 9.5 | EPSS 0.00137