Os4ed Security Vulnerabilities (CVEs)
Track 24 security vulnerabilities affecting Os4ed products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
OpenSIS 9.2 and below contains an incorrect access control vulnerability in Student.php that allows authenticated low-privilege users to perform unaut...
Dec 9, 2025

This SQL injection vulnerability in openSIS v9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in Ajax.php. Attackers...
Jul 15, 2025

This SQL injection vulnerability in OS4Ed OpenSIS allows attackers to execute arbitrary SQL commands through manipulated student_id and TRANSFER{SCHOO...
Jun 24, 2025

This vulnerability allows attackers to perform directory traversal attacks by sending a specially crafted POST request to the openSIS messaging module...
Apr 3, 2025

This SQL injection vulnerability in OS4ED openSIS allows attackers to execute arbitrary SQL commands via the groupid parameter in the Group.php messag...
Apr 3, 2025

This vulnerability allows attackers to perform directory traversal attacks by sending a specially crafted POST request to the openSIS messaging module...
Apr 3, 2025

CVE-2025-22924 is a SQL injection vulnerability in OS4ED openSIS versions 7.0 through 9.1 that allows attackers to execute arbitrary SQL commands via ...
Apr 2, 2025

This SQL injection vulnerability in OS4ED openSIS-Classic allows attackers to execute arbitrary SQL commands by manipulating the $username_stn_id para...
Nov 8, 2024

This vulnerability allows unauthenticated attackers to download full database backups containing sensitive information like password hashes. It affect...
Nov 20, 2023

An unauthenticated attacker can access any student's files by manipulating the URL path in openSIS Classic Community Edition. This affects all install...
Nov 20, 2023

CVE-2022-27041 is an SQL injection vulnerability in OpenSIS Classic's Student.php module that allows attackers to manipulate the student_id parameter ...
Apr 11, 2022

CVE-2021-40635 is an SQL injection vulnerability in OS4ED openSIS 8.0 that allows attackers to execute arbitrary SQL queries through ChooseCpSearch.ph...
Mar 3, 2022

A SQL injection vulnerability in openSIS version 8.0 allows attackers to execute arbitrary SQL commands through the staff[TITLE] parameter in Staff.ph...
Nov 30, 2021

A SQL injection vulnerability in openSIS version 8.0 allows attackers to execute arbitrary SQL commands through the Grade parameter. This affects all ...
Nov 30, 2021

This SQL injection vulnerability in openSIS Classic 8.0 allows attackers to execute arbitrary SQL commands through specific parameters in HoldAddressF...
Oct 12, 2021

This vulnerability allows attackers to execute arbitrary SQL commands on Opensis-Classic Version 8.0 by injecting malicious input into the 'usrid' and...
Oct 11, 2021

OpenSIS Community Edition versions up to 7.6 contain a local file inclusion vulnerability in DownloadWindow.php via the 'filename' parameter. This all...
Sep 16, 2021

This SQL injection vulnerability in openSIS 8.0 allows attackers to execute arbitrary SQL commands through the username parameter in index.php when us...
Sep 1, 2021

This SQL injection vulnerability in openSIS 8.0 allows attackers to execute arbitrary SQL commands on the MySQL/MariaDB database through the password_...
Sep 1, 2021

This is a critical SQL injection vulnerability in openSIS version 8.0 when using MySQL or MariaDB databases. Attackers can inject malicious SQL comman...
Sep 1, 2021

This is a critical remote code execution vulnerability in OS4Ed openSIS 7.4's installation functionality. Attackers can inject malicious PHP code thro...
Sep 1, 2020

This CVE describes a critical SQL injection vulnerability in OS4Ed openSIS 7.3's password reset functionality. Attackers can exploit the 'uname' param...
Sep 1, 2020

This SQL injection vulnerability in OS4Ed openSIS 7.3 allows attackers to execute arbitrary SQL commands through the password reset functionality. Att...
Sep 1, 2020

CVE-2020-6141 is a critical SQL injection vulnerability in OS4Ed openSIS 7.3 login functionality that allows attackers to execute arbitrary SQL comman...
Sep 1, 2020

Why Monitor Os4ed Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 24+ known vulnerabilities affecting Os4ed products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Os4ed packages in under 60 seconds. No agents required - completely agentless scanning that works across Os4ed deployments.
Free vulnerability database: Access detailed information about every Os4ed CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.