Vulnerabilities > Os4Ed > Opensis > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2022-45962 | SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0 Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. | 6.5 |
| 2022-04-11 | CVE-2022-27041 | SQL Injection vulnerability in Os4Ed Opensis 8.0 Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | 7.5 |
| 2022-03-03 | CVE-2021-40637 | Cross-site Scripting vulnerability in Os4Ed Opensis 8.0 OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. | 6.1 |
| 2022-03-03 | CVE-2021-40635 | SQL Injection vulnerability in Os4Ed Opensis 8.0 OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. | 7.5 |
| 2022-03-03 | CVE-2021-40636 | SQL Injection vulnerability in Os4Ed Opensis 8.0 OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | 7.5 |
| 2021-11-30 | CVE-2021-41678 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 9.8 |
| 2021-11-30 | CVE-2021-41679 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 9.8 |
| 2021-11-30 | CVE-2021-41677 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 9.8 |
| 2021-10-12 | CVE-2021-40618 | SQL Injection vulnerability in Os4Ed Opensis 8.0 An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. | 9.8 |
| 2021-10-11 | CVE-2021-40617 | SQL Injection vulnerability in Os4Ed Opensis 8.0 An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. | 9.8 |