CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-26186: SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php
Description
SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php
Classification
CVE ID: CVE-2025-26186
Affected Products
Vendor: n/a
Product: n/a
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26186https://www.os4ed.com/
https://github.com/OS4ED/openSIS-Classic/pull/330