OS4ED openSIS SQL Injection Vulnerability in Student Module

Vulnerability

A SQL injection vulnerability has been identified in OS4ED openSIS versions 7.0 through 9.1. The flaw is in the students module: Student.php takes the stu_id request parameter and uses it in a database query without adequate validation or parameterization, so attacker-controlled SQL supplied in that parameter reaches the database.

Impact

An attacker who can reach Student.php can inject SQL through the stu_id parameter and read or modify data in the application's database that the request was never meant to expose. The reach of the injected statements is bounded only by the privileges of the database account openSIS connects with.

Reproduction

To reproduce this vulnerability, send a request to Student.php in the students module with a stu_id parameter that carries a SQL injection payload. Because the application does not validate or parameterize the value, the injected SQL is executed against the database. A quick confirmation is to compare the response for a legitimate numeric stu_id with the response for the same value followed by a boolean condition: if the two responses differ in a way that tracks the truth of the appended condition, the parameter is being interpreted as SQL rather than as data.
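The following is an added example, not code from openSIS or from the original advisory. It models the flaw class described above in Python against an in-memory SQLite table with constructed sample rows (the table and column names are assumptions, not openSIS's real schema), and places the vulnerable lookup next to the hardened one a fix would use: reject anything that is not an integer, then bind the value as a query parameter.

```python
import sqlite3


def make_db():
    """Build a constructed, in-memory stand-in for the students table.

    Schema and rows are assumptions for illustration only.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE students ("
        "student_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO students VALUES (?, ?, ?)",
        [(1, "Ada", "Lovelace"), (2, "Alan", "Turing"), (3, "Grace", "Hopper")],
    )
    return conn


def lookup_vulnerable(conn, stu_id):
    """Mirrors the flaw: the request parameter is concatenated into the SQL text.

    A payload such as "1 OR 1=1" changes the WHERE clause instead of being
    compared as a value, so the query returns every row.
    """
    sql = (
        "SELECT student_id, first_name FROM students WHERE student_id = "
        + stu_id
    )
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, stu_id):
    """Hardened form: validate the type first, then bind the value.

    int() rejects anything that is not a plain integer (including "1 OR 1=1"
    and "0 UNION SELECT ..."), and the placeholder ensures the database
    driver treats the value as data, never as SQL.
    """
    try:
        sid = int(stu_id)
    except (TypeError, ValueError):
        raise ValueError("stu_id must be an integer")
    return conn.execute(
        "SELECT student_id, first_name FROM students WHERE student_id = ?",
        (sid,),
    ).fetchall()


def injection_succeeds(conn, stu_id, benign_id="2"):
    """The confirmation check from the advisory: a boolean condition appended
    to a valid id yields a different result than the id alone."""
    alone = lookup_vulnerable(conn, benign_id)
    with_true = lookup_vulnerable(conn, benign_id + " OR 1=1")
    with_false = lookup_vulnerable(conn, benign_id + " AND 1=0")
    return with_true != alone and with_false != alone


if __name__ == "__main__":
    db = make_db()
    print("benign id, vulnerable  :", lookup_vulnerable(db, "2"))
    print("payload, vulnerable    :", lookup_vulnerable(db, "1 OR 1=1"))
    print("union payload          :",
          lookup_vulnerable(db, "0 UNION SELECT 1, last_name FROM students"))
    print("injection confirmed    :", injection_succeeds(db, "2"))
    print("benign id, hardened    :", lookup_hardened(db, "2"))
    try:
        lookup_hardened(db, "1 OR 1=1")
    except ValueError as exc:
        print("payload, hardened      : rejected ->", exc)
```

The UNION case is why "it only returns one student" is not a safe assumption about impact: once the parameter is interpreted as SQL, any table the database account can read can be appended to the result set.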

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread             3.1
  impact             3.1
  exploitability     8.7
  remediation        0.0
  relevance          0.0
  threat             6.4
  urgency            2.9
  incentive          5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.