Shodan
Vulnerabilities
Vulnerable Software
Os4ed:  >> Opensis  Security Vulnerabilities
CVE-2025-26186
SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php
CVSS Score
8.1
EPSS Score
0.002
Published
2025-07-15
CVE-2021-41691
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.
CVSS Score
9.8
EPSS Score
0.047
Published
2025-06-24
CVE-2025-22926
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-04-03
CVE-2025-22929
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-22930
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-22931
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-03
CVE-2025-22927
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.
CVSS Score
9.1
EPSS Score
0.007
Published
2025-04-03
CVE-2025-22928
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-22923
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.
CVSS Score
8.8
EPSS Score
0.009
Published
2025-04-02
CVE-2025-22924
OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved