Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensis
(Os4ed)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 71 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-02 | CVE-2025-22924 | OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php. | Opensis | N/A | ||
| 2025-04-02 | CVE-2025-22925 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability. | Opensis | N/A | ||
| 2025-04-03 | CVE-2025-22928 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php. | Opensis | N/A | ||
| 2025-04-03 | CVE-2025-22926 | An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. | Opensis | N/A | ||
| 2025-04-03 | CVE-2025-22929 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php. | Opensis | N/A | ||
| 2025-04-03 | CVE-2025-22930 | OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php. | Opensis | N/A | ||
| 2020-07-01 | CVE-2020-13380 | openSIS before 7.4 allows SQL Injection. | Opensis | 9.8 | ||
| 2020-07-01 | CVE-2020-13381 | openSIS through 7.4 allows SQL Injection. | Opensis | 9.8 | ||
| 2020-07-01 | CVE-2020-13382 | openSIS through 7.4 has Incorrect Access Control. | Opensis | 9.1 | ||
| 2020-07-01 | CVE-2020-13383 | openSIS through 7.4 allows Directory Traversal. | Opensis | 7.5 |