Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Os4ed Opensis 9.0
NA
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisB...
Os4ed Opensis 9.0
NA
CVE-2023-38881
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id...
Os4ed Opensis 9.0
NA
CVE-2023-38882
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' para...
Os4ed Opensis 9.0
NA
CVE-2023-38884
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote malicious user to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
Os4ed Opensis 9.0
578
VMScore
CVE-2020-6120
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Os4ed Opensis 7.3
578
VMScore
CVE-2020-6136
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Os4ed Opensis 7.3
668
VMScore
CVE-2020-6140
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Os4ed Opensis 7.3
668
VMScore
CVE-2020-6143
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trig...
Os4ed Opensis 7.4
668
VMScore
CVE-2020-6144
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trig...
Os4ed Opensis 7.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »