Vulnerabilities > Os4Ed > Opensis > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2023-11-20 | CVE-2023-38880 | Unspecified vulnerability in Os4Ed Opensis 9.0
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality.
network | low complexity | os4ed | critical | 9.8

2021-11-30 | CVE-2021-41679 | SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-11-30 | CVE-2021-41678 | SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-11-30 | CVE-2021-41677 | SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-10-12 | CVE-2021-40618 | SQL Injection vulnerability in Os4Ed Opensis 8.0
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-10-11 | CVE-2021-40617 | SQL Injection vulnerability in Os4Ed Opensis 8.0
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-10-11 | CVE-2021-40543 | SQL Injection vulnerability in Os4Ed Opensis 8.0
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-09-16 | CVE-2021-27341 | Path Traversal vulnerability in Os4Ed Opensis 7.3/7.6
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
network | low complexity | os4ed CWE-22 | critical | 9.8

2021-09-01 | CVE-2021-39379 | SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database.
network | low complexity | os4ed CWE-89 | critical | 9.8

2021-09-01 | CVE-2021-39378 | SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database.
network | low complexity | os4ed CWE-89 | critical | 9.8