Opensis Security Vulnerabilities and Issues — Opensis CVE List

Lucene search

Os4edOpensis

11 matches found

CVE•added 2025/04/03 2:15 p.m.•48 views

CVE-2025-22926

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

9.8CVSS7.3AI score0.00794EPSS

CVE•added 2025/06/24 4:15 p.m.•47 views

CVE-2021-41691

A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.

9.8CVSS6.6AI score0.04727EPSS

CVE•added 2025/04/02 9:15 p.m.•44 views

CVE-2025-22924

OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.

8.8CVSS8.2AI score0.00045EPSS

CVE•added 2025/04/03 2:15 p.m.•44 views

CVE-2025-22929

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.

9.8CVSS8.5AI score0.00046EPSS

CVE•added 2025/04/02 9:15 p.m.•43 views

CVE-2025-22925

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability.

7.5CVSS8.2AI score0.00113EPSS

CVE•added 2025/04/03 1:15 p.m.•42 views

CVE-2025-22927

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

9.1CVSS7.3AI score0.00745EPSS

CVE•added 2025/04/02 9:15 p.m.•41 views

CVE-2025-22923

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.

8.8CVSS7.4AI score0.00861EPSS

CVE•added 2025/04/03 2:15 p.m.•38 views

CVE-2025-22930

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.

9.8CVSS8.5AI score0.00046EPSS

CVE•added 2025/04/03 1:15 p.m.•35 views

CVE-2025-22928

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.

9.8CVSS8.5AI score0.00046EPSS

CVE•added 2025/04/03 2:15 p.m.•35 views

CVE-2025-22931

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.

7.5CVSS7.2AI score0.00067EPSS

CVE•added 2025/07/15 5:15 p.m.•6 views

CVE-2025-26186

SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php

8.1CVSS9AI score0.00199EPSS