openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
os4ed opensis 7.3