openSIS Community Edition
by openSIS
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40617 | | Cri | 0.67 | 9.8 | 0.05 | | Oct 11, 2021 | An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. |
| CVE-2024-35584 | | Hig | 0.58 | 8.8 | 0.07 | | Oct 15, 2024 | SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the… |
| CVE-2023-38885 | | Hig | 0.57 | 8.8 | 0.00 | | Nov 20, 2023 | OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request. |
| CVE-2020-27408 | | Hig | 0.49 | 7.5 | 0.02 | | Dec 4, 2020 | OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. |
| CVE-2021-40310 | | Med | 0.35 | 5.4 | 0.01 | | Sep 24, 2021 | OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. |
| CVE-2013-1349 | | | 0.05 | — | 0.23 | | Dec 9, 2013 | Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. |
| CVE-2020-6637 | | Cri | 0.02 | 9.8 | 0.20 | | Aug 24, 2020 | openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. |
| CVE-2021-27341 | | Cri | 0.00 | 9.8 | 0.02 | | Sep 16, 2021 | OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter. |
| CVE-2021-27340 | | Med | 0.00 | 6.1 | 0.01 | | Sep 16, 2021 | OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. |
| CVE-2020-27409 | | Med | 0.00 | 6.1 | 0.01 | | Dec 4, 2020 | OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. |