Home

Description

A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.

PUBLISHED Reserved 2021-09-27 | Published 2025-06-24 | Updated 2025-06-25 | Assigner mitre

References

opensis.com/

github.com/OS4ED/openSIS-Classic/

resources.s4e.io/...stem-0-day-vulnerability-cve-2021-41691/

cve.org (CVE-2021-41691)

nvd.nist.gov (CVE-2021-41691)

Download JSON