OS4ED / openSIS-Classic

openSIS is a commercial grade, secure, scalable & intuitive Student Information System, School Management Software from OS4ED. Has all functionalities to run single or multiple institutions in one installation. Web based, php code, MySQL database.
https://www.os4ed.com

Vulnerability Disclosure #271

Closed Cr4ckC4t closed 1 year ago

Cr4ckC4t commented 1 year ago

A vulnerability that was discovered and reported in 8.0 still exists in the new release 9.0.

You should have received an invite for a report on huntr.dev to your mailbox: info@os4ed.com about a month ago.

sarika0lal commented 1 year ago

Hello,

We have updated the code with the fix. Please install our system using the fresh code and let us know your feedback in case you have any.

Thanks!

Cr4ckC4t commented 1 year ago

@sarika0lal The vulnerability still exists in the latest release and on the master branch (as of now).

Note that I submitted another vulnerability some time ago that has indeed been fixed in 9.0. However, this now is a separate report that was filed via the platform: huntr.dev.

I have also sent a reminder via email today, which includes a link to that report.

I apologize for the confusion that this matter may have caused. Should you still not have access to that report, please let me know and I will initiate a second invitation to info@os4ed.com.