RSS   Podatności dla 'Opensis'   RSS

2022-04-11
 
CVE-2022-27041

CWE-89
 

 
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.

 
2022-03-03
 
CVE-2021-40637

CWE-79
 

 
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.

 
 
CVE-2021-40635

CWE-89
 

 
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.

 
 
CVE-2021-40636

CWE-89
 

 
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.

 
2021-11-30
 
CVE-2021-41677

CWE-89
 

 
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.

 
 
CVE-2021-41678

CWE-89
 

 
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.

 
 
CVE-2021-41679

CWE-89
 

 
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.

 
2021-10-12
 
CVE-2021-40618

CWE-89
 

 
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

 
2021-10-11
 
CVE-2021-40617

CWE-89
 

 
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

 
 
CVE-2021-40542

CWE-79
 

 
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top