Kutsal Gürlek

**Name of the Vulnerable Software and Affected Versions** OS4ED openSIS-Classic version 9.1 **Description** A SQL injection issue exists due to improper input validation of the `username stn id` parameter in the resetuserinfo.php file, allowing an attacker to inject arbitrary SQL commands. **Recommendations** For OS4ED openSIS-Classic version 9.1, consider disabling the resetuserinfo.php file or restricting access to it until a patch is available to prevent exploitation of the SQL injection vulnerability. Additionally, ensure proper input validation for the `username stn id` parameter to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.