OS4ED Administrator

4 exploits Active since Jul 2020
CVE-2020-13380 WRITEUP CRITICAL WRITEUP
openSIS < 7.4 - SQL Injection
openSIS before 7.4 allows SQL Injection.
CVSS 9.8
CVE-2020-13383 WRITEUP HIGH WRITEUP
openSIS <= 7.4 - Path Traversal
openSIS through 7.4 allows Directory Traversal.
CVSS 7.5
CVE-2020-27409 WRITEUP MEDIUM WRITEUP
OpenSIS < 7.5 - Cross-Site Scripting via SideForStudent.php modname Parameter
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
CVSS 6.1
CVE-2020-6637 WRITEUP CRITICAL WRITEUP
openSIS Community Edition 7.3 - SQL Injection via USERNAME Parameter
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
CVSS 9.8