Os4ed: >> Opensis >> 4.9 Security Vulnerabilities
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-12-09
openSIS before 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.015
Published
2020-07-01
openSIS through 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.363
Published
2020-07-01
openSIS through 7.4 has Incorrect Access Control.
CVSS Score
9.1
EPSS Score
0.586
Published
2020-07-01
openSIS through 7.4 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.397
Published
2020-07-01
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.
CVSS Score
7.5
EPSS Score
0.709
Published
2013-12-09