Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensis vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-27341
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
Os4ed Opensis
9.8
CVSSv3
CVE-2021-41678
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
Os4ed Opensis 8.0
9.8
CVSSv3
CVE-2021-41679
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
Os4ed Opensis 8.0
9.8
CVSSv3
CVE-2021-39378
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.
Os4ed Opensis 8.0
1 Github repository
9.8
CVSSv3
CVE-2021-39379
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.
Os4ed Opensis 8.0
1 Github repository
9.8
CVSSv3
CVE-2021-39377
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.
Os4ed Opensis 8.0
1 Github repository
7.5
CVSSv3
CVE-2021-40636
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.
Os4ed Opensis 8.0
7.5
CVSSv3
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Os4ed Opensis 9.0
9.8
CVSSv3
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisB...
Os4ed Opensis 9.0
6.1
CVSSv3
CVE-2023-38881
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id...
Os4ed Opensis 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »