Explore Vulnerabilities

Explore all Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.

openSIS Student Information System 8.0 – ‘multiple’ SQL Injection

A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the 'student_id' and 'TRANSFER{SCHOOL]' parameters in a POST request sent to /TransferredOutModal.php. An attacker who exploits this vulnerability may access private data in the database system.

OpenSIS 8.0 – ‘cp_id_miss_attn’ Reflected Cross-Site Scripting (XSS)

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in TakeAttendance.php via the cp_id_miss_attn parameter. An attacker can exploit this vulnerability by sending a maliciously crafted request to the vulnerable application. This allows the attacker to execute arbitrary HTML and JavaScript code in the context of the affected application.

OpenSIS Community 8.0 – ‘cp_id_miss_attn’ SQL Injection

A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to 'Take Attendance' functionality to trigger this vulnerability.

Recent Exploits: