Vulnerabilities > Open School > Open School > 1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2009-12-04	CVE-2009-4208	SQL Injection vulnerability in Open-School 1.0 SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. network low complexity open-school CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.