Every CVE whose affected-product data names Os4ed Opensis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (80)
CVE-2020-6139 — CVSS 9.8 (critical): SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the…
CVE-2020-6141 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can…
CVE-2020-6142 — CVSS 9.8 (critical): A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can…
CVE-2020-6143 — CVSS 9.8 (critical): A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line…
CVE-2020-6144 — CVSS 9.8 (critical): A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line…
CVE-2020-6637 — CVSS 9.8 (critical): openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
CVE-2024-51211 — CVSS 9.8 (critical): SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is…
CVE-2021-27341 — CVSS 9.8 (critical): OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename"…
CVE-2021-39377 — CVSS 9.8 (critical): A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker…
CVE-2021-39378 — CVSS 9.8 (critical): A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker…
CVE-2021-39379 — CVSS 9.8 (critical): A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker…
CVE-2025-22926 — CVSS 9.8 (critical): An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to…
CVE-2023-38880 — CVSS 9.8 (critical): The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup…
CVE-2021-40353 — CVSS 9.8 (critical): A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can…
CVE-2021-41691 — CVSS 9.8 (critical): A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]"…
CVE-2021-40543 — CVSS 9.8 (critical): Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters…
CVE-2021-40617 — CVSS 9.8 (critical): An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
CVE-2021-40618 — CVSS 9.8 (critical): An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4)…
CVE-2021-41679 — CVSS 9.8 (critical): A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can…
CVE-2021-41678 — CVSS 9.8 (critical): A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can…
CVE-2021-41677 — CVSS 9.8 (critical): A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can…
CVE-2025-22928 — CVSS 9.8 (critical): OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.
CVE-2020-6138 — CVSS 9.8 (critical): SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page…
CVE-2020-6140 — CVSS 9.8 (critical): SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the…
CVE-2025-22930 — CVSS 9.8 (critical): OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.
CVE-2025-22929 — CVSS 9.8 (critical): OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.p…
CVE-2020-6137 — CVSS 9.8 (critical): SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the…
CVE-2025-22927 — CVSS 9.1 (critical): An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to…
CVE-2020-6129 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in…
CVE-2020-6117 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page…
CVE-2020-6118 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page…
CVE-2020-6119 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page…
CVE-2020-6120 — CVSS 8.8 (high): SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page…
CVE-2020-6121 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page…
CVE-2020-6122 — CVSS 8.8 (high): SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page…
CVE-2020-6123 — CVSS 8.8 (high): An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the…
CVE-2020-6124 — CVSS 8.8 (high): An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the…
CVE-2020-6125 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request…
CVE-2020-6126 — CVSS 8.8 (high): SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page…
CVE-2020-6127 — CVSS 8.8 (high): SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page…
CVE-2020-6128 — CVSS 8.8 (high): SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL…
CVE-2020-6130 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in…
CVE-2020-6131 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in…
CVE-2020-6132 — CVSS 8.8 (high): SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable…
CVE-2020-6133 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is…
CVE-2020-6134 — CVSS 8.8 (high): SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is…
CVE-2020-6135 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request…
CVE-2020-6136 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP…
CVE-2021-40309 — CVSS 8.8 (high): A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own…
CVE-2023-38885 — CVSS 8.8 (high): OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow…
CVE-2024-35584 — CVSS 8.8 (high): SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in…
CVE-2024-46626 — CVSS 8.8 (high): OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.
CVE-2025-22923 — CVSS 8.8 (high): An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST…
CVE-2025-22924 — CVSS 8.8 (high): OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.
CVE-2025-65594 — CVSS 8.1 (high): OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform…
CVE-2025-26186 — CVSS 8.1 (high): SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php
CVE-2020-27408 — CVSS 7.5 (high): OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated…
CVE-2022-27041 — CVSS 7.5 (high): Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries…
CVE-2021-40636 — CVSS 7.5 (high): OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.
CVE-2021-40635 — CVSS 7.5 (high): OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to…
CVE-2023-38884 — CVSS 7.5 (high): An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated…
CVE-2014-8366 — CVSS 7.5 (high): SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and…
CVE-2025-22931 — CVSS 7.5 (high): An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated…
CVE-2025-22925 — CVSS 7.5 (high): OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.ph…
CVE-2023-38879 — CVSS 7.5 (high): The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal…
CVE-2013-1349 — CVSS 7.5 (high): Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname…
CVE-2021-40651 — CVSS 6.5 (medium): OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose…
CVE-2022-45962 — CVSS 6.5 (medium): Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
CVE-2021-40542 — CVSS 6.1 (medium): Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code…
CVE-2023-38881 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote…
CVE-2023-38882 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote…
CVE-2023-38883 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote…
CVE-2021-27340 — CVSS 6.1 (medium): OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVE-2020-27409 — CVSS 6.1 (medium): OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname…
CVE-2021-40637 — CVSS 6.1 (medium): OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the…
CVE-2021-40310 — CVSS 5.4 (medium): OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the…