Shodan
Vulnerabilities
Vulnerable Software
Os4ed:  >> Opensis  >> 7.3  Security Vulnerabilities
CVE-2025-22929
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-22930
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-22931
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-03
CVE-2025-22928
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-22924
OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-02
CVE-2025-22925
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-02
CVE-2022-45962
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-02-13
CVE-2021-27340
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-09-16
CVE-2021-27341
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-09-16
CVE-2020-27409
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved