Nathan Johnson

**Name of the Vulnerable Software and Affected Versions** openSIS version 8.0 **Description** A SQL Injection issue exists, allowing a malicious attacker to issue SQL commands to the database through the `username` parameter in the "index.php" endpoint. This can enable a remote attacker to execute arbitrary SQL queries. **Recommendations** For openSIS version 8.0, consider restricting access to the `username` parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, disabling the use of MySQL (MariaDB) as the application database or limiting database privileges may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSIS version 8.0 **Description** A SQL Injection issue exists, allowing a malicious attacker to issue SQL commands to the database through the `str` parameter in NamesList.php. This is due to a lack of protection for the SQL query structure, enabling a remote attacker to execute arbitrary SQL queries using the NamesList.php parameter. **Recommendations** For openSIS version 8.0, consider restricting access to the NamesList.php file or the `str` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the use of MySQL (MariaDB) as the application database may also reduce the risk, but this should be carefully considered due to potential impacts on application functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSIS version 8.0 **Description** A SQL Injection issue exists, allowing a malicious attacker to issue SQL commands to the database through the `password stn id` parameter in ResetUserInfo.php. This can enable a remote attacker to execute arbitrary SQL queries. **Recommendations** For openSIS version 8.0, consider restricting access to the ResetUserInfo.php endpoint until a patch is available, and avoid using the `password stn id` parameter in this endpoint to minimize the risk of exploitation.