An issue exists in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.
opservices opmon 9.3.1-1