Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
os4ed opensis 8.0 |