N/A

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For" header and appends it to a SQL INSERT statement directly, leading to SQL Injection.

N/A

N/A

Open Solutions For Education openSIS 安全漏洞

Open Solutions For Education openSIS是美国Open Solutions For Education公司的一套开源的学生信息管理系统。 Open Solutions For Education openSIS Community Edition 9.1版本和8.0及之前版本存在安全漏洞，该漏洞源于缺乏清理，存在SQL注入漏洞，经过身份验证的用户可以执行SQL注入。

N/A

N/A