Whwhwh96

**Name of the Vulnerable Software and Affected Versions** OpenSis Community Edition versions 8.0 through 9.1 **Description** The issue is related to SQL injection due to a lack of sanitization. An authenticated user can perform SQL injection because the application directly appends an arbitrary value from the `X-Forwarded-For` header to a SQL INSERT statement. This allows for potential manipulation of database queries. **Recommendations** For OpenSis Community Edition versions 8.0 through 9.1, consider disabling the affected PHP files (Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php) until a patch is available to prevent SQL injection attacks. Restrict access to these files to minimize the risk of exploitation. Avoid using the `X-Forwarded-For` header in SQL statements until the issue is resolved.