os4ed

Top products

The 15 most recently published vulnerabilities affecting os4ed.

• CVE-2025-65594OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the da...8.1Dec 9, 2025
• CVE-2025-26186SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php8.1Jul 15, 2025
• CVE-2021-41691A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.9.8Jun 24, 2025
• CVE-2025-22931An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.7.5Apr 3, 2025
• CVE-2025-22930OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.9.8Apr 3, 2025
• CVE-2025-22929OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.9.8Apr 3, 2025
• CVE-2025-22928OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.9.8Apr 3, 2025
• CVE-2025-22927An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.9.1Apr 3, 2025
• CVE-2025-22926An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.9.8Apr 3, 2025
• CVE-2025-22925OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin ...7.5Apr 2, 2025
• CVE-2025-22924OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.8.8Apr 2, 2025
• CVE-2025-22923An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.8.8Apr 2, 2025
• CVE-2024-51211SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id pa...9.8Nov 8, 2024
• CVE-2024-35584SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versi...8.8Oct 15, 2024
• CVE-2024-46626OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.8.8Oct 2, 2024