CVE-2021-39377

Name of the Vulnerable Software and Affected Versions openSIS version 8.0

Description A SQL Injection issue exists, allowing a malicious attacker to issue SQL commands to the database through the username parameter in the "index.php" endpoint. This can enable a remote attacker to execute arbitrary SQL queries.

Recommendations For openSIS version 8.0, consider restricting access to the username parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, disabling the use of MySQL (MariaDB) as the application database or limiting database privileges may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.