CVE-2024-51211

CRITICAL EXPLOITED NUCLEI

Os4ed Opensis - SQL Injection

Title source: rule

Description

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.

Exploits (1)

vulncheck_xdb SUSPICIOUS

infoleak

https://github.com/kutsa1/My-CVE

View Code ZIP pw:eip

Nuclei Templates (1)

openSIS Classic v9.1 - SQL Injection

CRITICALVERIFIEDby Haliteroglu

Shodan: title:"openSIS"

FOFA: title="openSIS"

References (1)

[Exploit, Third Party Advisory] https://github.com/kutsa1/My-CVE/tree/main/CVE-2024-51211

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0406

EPSS Percentile 88.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-12-05

CWE

CWE-89

Status published

Products (2)

os4ed/opensis 9.0

os4ed/opensis 9.1

Published Nov 08, 2024

Tracked Since Feb 18, 2026