CVE-2021-41678

Name of the Vulnerable Software and Affected Versions openSIS version 8.0

Description The issue is related to a lack of protection against SQL query structure exploitation. This can allow a remote attacker to execute arbitrary SQL commands through the "/opensis/modules/users/Staff.php" endpoint, specifically using the staff{TITLE} parameter.

Recommendations For openSIS version 8.0, consider disabling the /opensis/modules/users/Staff.php endpoint until a patch is available to prevent exploitation through the staff{TITLE} parameter. Restrict access to this endpoint to minimize the risk of SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.