📦 Opensis
by Os4ed
⚠️ Known Vulnerabilities
This SQL injection vulnerability in OS4Ed OpenSIS allows attackers to execute arbitrary SQL commands through manipulated student_id and TRANSFER[SCHOOL] parameters. It affects all users of OpenSIS Com...
This vulnerability allows attackers to perform directory traversal attacks by sending a specially crafted POST request to the openSIS messaging module. Attackers can potentially read, write, or delete...
This SQL injection vulnerability in OS4ED openSIS allows attackers to execute arbitrary SQL commands via the groupid parameter in the Group.php messaging component. All organizations running openSIS v...
This vulnerability allows attackers to perform directory traversal attacks by sending a specially crafted POST request to the openSIS messaging module. Attackers can potentially read, write, or delete...
This SQL injection vulnerability in OS4ED openSIS-Classic allows attackers to execute arbitrary SQL commands by manipulating the $username_stn_id parameter in resetuserinfo.php. Successful exploitatio...
This vulnerability allows unauthenticated attackers to download full database backups containing sensitive information like password hashes. It affects OS4ED's openSIS Classic Community Edition versio...
A SQL injection vulnerability in openSIS version 8.0 allows attackers to execute arbitrary SQL commands through the staff[TITLE] parameter in Staff.php. This affects all openSIS deployments using MySQ...
A SQL injection vulnerability in openSIS version 8.0 allows attackers to execute arbitrary SQL commands through the Grade parameter. This affects all openSIS 8.0 installations using MySQL or MariaDB d...
This SQL injection vulnerability in openSIS Classic 8.0 allows attackers to execute arbitrary SQL commands through specific parameters in HoldAddressFields.php. This affects all users running the vuln...
This vulnerability allows attackers to execute arbitrary SQL commands on Opensis-Classic Version 8.0 by injecting malicious input into the 'usrid' and 'prof_id' parameters in PasswordCheck.php. It aff...
OpenSIS Community Edition versions up to 7.6 contain a local file inclusion vulnerability in DownloadWindow.php via the 'filename' parameter. This allows attackers to read arbitrary files from the ser...
This SQL injection vulnerability in openSIS 8.0 allows attackers to execute arbitrary SQL commands through the username parameter in index.php when using MySQL/MariaDB. This can lead to unauthorized d...
This SQL injection vulnerability in openSIS 8.0 allows attackers to execute arbitrary SQL commands on the MySQL/MariaDB database through the password_stn_id parameter in ResetUserInfo.php. Any openSIS...
This is a critical SQL injection vulnerability in openSIS version 8.0 when using MySQL or MariaDB databases. Attackers can inject malicious SQL commands through the USERNAME parameter in index.php, po...
This is a critical remote code execution vulnerability in OS4Ed openSIS 7.4's installation functionality. Attackers can inject malicious PHP code through the password parameter during installation, al...
This CVE describes a critical SQL injection vulnerability in OS4Ed openSIS 7.3's password reset functionality. Attackers can exploit the 'uname' parameter in ResetUserInfo.php to execute arbitrary SQL...
This SQL injection vulnerability in OS4Ed openSIS 7.3 allows attackers to execute arbitrary SQL commands through the password reset functionality. Attackers can potentially access, modify, or delete d...
CVE-2020-6141 is a critical SQL injection vulnerability in OS4Ed openSIS 7.3 login functionality that allows attackers to execute arbitrary SQL commands. This affects all openSIS 7.3 installations wit...
OpenSIS 9.2 and below contains an incorrect access control vulnerability in Student.php that allows authenticated low-privilege users to perform unauthorized database write operations on other users' ...
This SQL injection vulnerability in openSIS v9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in Ajax.php. Attackers can potentially read, modify, or delete database ...
CVE-2025-22924 is a SQL injection vulnerability in OS4ED openSIS versions 7.0 through 9.1 that allows attackers to execute arbitrary SQL commands via the stu_id parameter in the Student.php module. Th...
An unauthenticated attacker can access any student's files by manipulating the URL path in openSIS Classic Community Edition. This affects all installations of version 9.0 that expose the student file...
CVE-2022-27041 is an SQL injection vulnerability in OpenSIS Classic's Student.php module that allows attackers to manipulate the student_id parameter to execute arbitrary SQL queries. This affects all...
CVE-2021-40635 is an SQL injection vulnerability in OS4ED openSIS 8.0 that allows attackers to execute arbitrary SQL queries through ChooseCpSearch.php and ChooseRequestSearch.php. This affects all or...