Vulnerabilities > Os4Ed

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2021-40635 SQL Injection vulnerability in Os4Ed Opensis 8.0
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php.
network
low complexity
os4ed CWE-89
7.5
7.5
2022-03-03 CVE-2021-40636 SQL Injection vulnerability in Os4Ed Opensis 8.0
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.
network
low complexity
os4ed CWE-89
7.5
7.5
2021-11-30 CVE-2021-41678 SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network
low complexity
os4ed CWE-89
critical
 9.8
9.8
2021-11-30 CVE-2021-41679 SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network
low complexity
os4ed CWE-89
critical
 9.8
9.8
2021-11-30 CVE-2021-41677 SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network
low complexity
os4ed CWE-89
critical
 9.8
9.8
2021-10-12 CVE-2021-40618 SQL Injection vulnerability in Os4Ed Opensis 8.0
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
network
low complexity
os4ed CWE-89
critical
 9.8
9.8
2021-10-11 CVE-2021-40617 SQL Injection vulnerability in Os4Ed Opensis 8.0
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
network
low complexity
os4ed CWE-89
critical
 9.8
9.8
2021-10-11 CVE-2021-40542 Cross-site Scripting vulnerability in Os4Ed Opensis 8.0
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS).
network
low complexity
os4ed CWE-79
6.1
6.1
2021-10-11 CVE-2021-40543 SQL Injection vulnerability in Os4Ed Opensis 8.0
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.
network
low complexity
os4ed CWE-89
critical
 9.8
9.8
2021-09-29 CVE-2021-40651 Path Traversal vulnerability in Os4Ed Opensis 8.0
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
network
low complexity
os4ed CWE-22
6.5
6.5