Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
os4ed opensis vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-40542
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
Os4ed Opensis 8.0
4
CVSSv2
CVE-2021-40651
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
Os4ed Opensis 8.0
7.5
CVSSv2
CVE-2021-40353
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637...
Os4ed Opensis 8.0
1 Github repository
7.5
CVSSv2
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
Os4ed Opensis 7.3
7.5
CVSSv2
CVE-2021-39377
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.
Os4ed Opensis 8.0
1 Github repository
7.5
CVSSv2
CVE-2021-39379
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.
Os4ed Opensis 8.0
1 Github repository
5
CVSSv2
CVE-2022-27041
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
Os4ed Opensis 8.0
5
CVSSv2
CVE-2021-40635
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.
Os4ed Opensis 8.0
5
CVSSv2
CVE-2021-40636
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.
Os4ed Opensis 8.0
4.3
CVSSv2
CVE-2021-40637
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.
Os4ed Opensis 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »