Os4Edu · Opensis · CVE-2014-8366
**Name of the Vulnerable Software and Affected Versions**
openSIS versions 4.5 through 5.3
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `Username` and `password` variables in the "index.php" endpoint.
**Recommendations**
For openSIS versions 4.5 through 5.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.