OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.
An attacker sends a crafted HTTP request containing a malicious payload in the filter_id parameter to the /students/StudentFilters.php endpoint. Input data is not properly validated or sanitized before use in an SQL query, allowing injection of arbitrary SQL instructions. Since the attack does not require authentication or user interaction, it can be conducted remotely by anyone with network access to the application.
An attacker can gain unauthorized access to the database, read, modify, or delete student data and other sensitive information stored in the system. Depending on the database server configuration, it is also possible to take control of the server's operating system.
Apply patches available from the vendor according to references. It is recommended to update to a version higher than 9.1 and restrict access to the openSIS application only to trusted networks or users (e.g., through a firewall or VPN) until the patch is implemented.
Os4Ed openSIS versions 7.0 to 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOs4ed Opensis
APPOs4Ed7.0 – 9.1
Related vulnerabilities
SQL Injection w OpenSIS via parametry student_id i TRANSFER[SCHOOL]
SQL Injection w OS4ED openSIS — parametr cp_id w module wiadomości
Path traversal w openSIS umożliwia nieautoryzowany dostęp do plików
Path traversal w openSIS — nieautoryzowany dostęp do plików przez Modules.php
SQL injection w OS4Ed openSIS via parametr groupid w Group.php