Os4ed: >> Opensis >> 7.1 Security Vulnerabilities
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-12-09
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-04-03
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-03
openSIS before 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.015
Published
2020-07-01
openSIS through 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.363
Published
2020-07-01
openSIS through 7.4 has Incorrect Access Control.
CVSS Score
9.1
EPSS Score
0.586
Published
2020-07-01
openSIS through 7.4 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.397
Published
2020-07-01