OS4ED openSIS 7.6: Security Vulnerabilities
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2025-04-03

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2025-04-03

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-04-03

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2025-04-03

OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2025-04-02

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-04-02

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2023-02-13

OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2021-09-16

OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2021-09-16

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2020-12-04

