Vulnerabilities > Os4Ed > Opensis > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-20 | CVE-2023-38880 | Unspecified vulnerability in Os4Ed Opensis 9.0 The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. | 9.8 |
2021-11-30 | CVE-2021-41679 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 9.8 |
2021-11-30 | CVE-2021-41678 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 9.8 |
2021-11-30 | CVE-2021-41677 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 9.8 |
2021-10-12 | CVE-2021-40618 | SQL Injection vulnerability in Os4Ed Opensis 8.0 An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. | 9.8 |
2021-10-11 | CVE-2021-40617 | SQL Injection vulnerability in Os4Ed Opensis 8.0 An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. | 9.8 |
2021-10-11 | CVE-2021-40543 | SQL Injection vulnerability in Os4Ed Opensis 8.0 Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. | 9.8 |
2021-09-16 | CVE-2021-27341 | Path Traversal vulnerability in Os4Ed Opensis 7.3/7.6 OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter. | 9.8 |
2021-09-01 | CVE-2021-39379 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. | 9.8 |
2021-09-01 | CVE-2021-39378 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. | 9.8 |