OS4ED openSIS SQL Injection Vulnerability in Student Filters Module

A SQL injection vulnerability has been identified in OS4ED openSIS versions 7.0 through 9.1. The issue arises in the Student Filters module, specifically within the 'filter_id' parameter of the 'StudentFilters.php' file. This vulnerability allows remote, authenticated attackers to inject SQL payloads, potentially leading to unauthorized data retrieval from the application's database.

Impact

Exploitation of this vulnerability allows for arbitrary SQL injection, enabling attackers to manipulate database queries and access sensitive information stored in the database.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the 'Modules.php' endpoint with the 'modname' parameter set to 'students/StudentFilters.php', the 'modfunc' parameter set to 'filter_edit', and the 'filter_id' parameter replaced with a crafted SQL injection payload. This will trigger the SQL injection vulnerability by injecting malicious SQL code into the 'filter_id' parameter, which the application will execute against its database.