Os4ed CVE - OpenCVE

Filtered by vendor Os4ed Subscribe

Total 69 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-6119	1 Os4ed	1 Opensis	2024-11-21	6.5 MEDIUM	8.8 HIGH
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-6118	1 Os4ed	1 Opensis	2024-11-21	6.5 MEDIUM	8.8 HIGH
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-6117	1 Os4ed	1 Opensis	2024-11-21	6.5 MEDIUM	8.8 HIGH
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27409	1 Os4ed	1 Opensis	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
CVE-2020-27408	1 Os4ed	1 Opensis	2024-11-21	5.0 MEDIUM	7.5 HIGH
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
CVE-2020-13383	1 Os4ed	1 Opensis	2024-11-21	5.0 MEDIUM	7.5 HIGH
openSIS through 7.4 allows Directory Traversal.
CVE-2020-13382	1 Os4ed	1 Opensis	2024-11-21	6.4 MEDIUM	9.1 CRITICAL
openSIS through 7.4 has Incorrect Access Control.
CVE-2020-13381	1 Os4ed	1 Opensis	2024-11-21	7.5 HIGH	9.8 CRITICAL
openSIS through 7.4 allows SQL Injection.
CVE-2020-13380	1 Os4ed	1 Opensis	2024-11-21	7.5 HIGH	9.8 CRITICAL
openSIS before 7.4 allows SQL Injection.

Vulnerabilities (CVE)