VYPR

openSIS Community Edition

by openSIS

CVEs (10)

  • CVE-2021-40617 | Critical | Oct 11, 2021
    risk 0.67 | cvss 9.8 | epss 0.05

    An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

  • CVE-2024-35584 | High | Oct 15, 2024
    risk 0.58 | cvss 8.8 | epss 0.07

    SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the…

  • CVE-2023-38885 | High | Nov 20, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

  • CVE-2020-27408 | High | Dec 4, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.

  • CVE-2021-40310 | Medium | Sep 24, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.

  • CVE-2013-1349 | Dec 9, 2013
    risk 0.05 | cvss | epss 0.23

    Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.

  • CVE-2020-6637 | Critical | Aug 24, 2020
    risk 0.02 | cvss 9.8 | epss 0.20

    openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.

  • CVE-2021-27341 | Critical | Sep 16, 2021
    risk 0.00 | cvss 9.8 | epss 0.02

    OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.

  • CVE-2021-27340 | Medium | Sep 16, 2021
    risk 0.00 | cvss 6.1 | epss 0.01

    OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.

  • CVE-2020-27409 | Medium | Dec 4, 2020
    risk 0.00 | cvss 6.1 | epss 0.01

    OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.