Vulnerabilities
Vulnerable Software
Os4ed:  >> Opensis  >> 7.0  Security Vulnerabilities
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-03
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
openSIS before 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-07-01
openSIS through 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.46
Published
2020-07-01
openSIS through 7.4 has Incorrect Access Control.
CVSS Score
9.1
EPSS Score
0.586
Published
2020-07-01
openSIS through 7.4 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.421
Published
2020-07-01


Contact Us

Shodan ® - All rights reserved